Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

how do you use access token and secret for authenticated requests #3

Open
michael-lynch opened this issue Apr 14, 2018 · 1 comment
Labels

Comments

@michael-lynch
Copy link

This isn't an issue for the strategy and it may be more of a passport question or a question about the request package, but seeing as you made this strategy, I'm guessing you may have some insight.

After using the strategy, how should I save the access token and secret for future authenticated requests?

const config = require('../config');

passport.use(new discogsStrategy({
    consumerKey: config.discogs.key,
    consumerSecret: config.discogs.secret,
    callbackURL: config.discogs.callback
    },
    function(token, tokenSecret, profile, done) {
        // how should I save token and tokenSecret?
        // should they be added to the profile object?
        profile.auth.access_token = token;
        profile.auth.secret = tokenSecret;
        return done(null, profile);
}));

I want to later make a request like this:

app.get('/api/folders/', function(req, res) {

    const endPoint = `https://api.discogs.com/users/${req.user.id}/collection/folders/`;

    const oauth = {
        consumer_key: config.discogs.key,
        consumer_secret: config.discogs.secret,
        token: req.user.auth.access_token,
        secret: req.user.auth.secret
    };

    const headers = {
        'User-Agent': ''
    };

    request.post({url: endPoint, oauth: oauth, headers: headers}, function(e, r, body) {
        return body;
    });
});

I also tried using URL parameters:

https://api.discogs.com/users/${req.user.id}/collection/folders/&oauth_acces_token=${req.user.auth.access_token}&oauth_access_token_secret=${req.user.auth.secret}

I'm getting:

{"message": "The requested resource was not found."}

The req.user.auth.access_token and req.user.auth.secret are there. Do you see what I'm missing?

@jmnunezizu
Copy link
Owner

Hi,

You should save the token you get back from Discogs in your database, and use it on behalf of the user whenever he needs to interact with Discogs.

Example:

This is the Strategy setup:

const DiscogsStrategy = require('passport-discogs').Strategy;
const User = require('../models/user');

const discogsConfig = config.get('discogs');

const discogs = new DiscogsStrategy({
  consumerKey: discogsConfig.consumerKey,
  consumerSecret: discogsConfig.consumerSecret,
  callbackURL: 'http://some-callback-url',
  passReqToCallback: true
}, function (req, token, refreshToken, profile, done) {  
  const updateUser = function () {
    const user = req.user;
    logger.debug({ user: user }, 'user exists, updating discogs details');

    user.discogs.id = profile.id;
    user.discogs.token = token;

    user.save(function (err) {
      if (err) {
        throw err;
      }
      return done(null, user);
    });
  };

  process.nextTick(updateUser);
});

module.exports = discogs;

Then, whenever you make a Discogs request for this user, you use the token you previously saved.

Does this help?

Regards,
Jose.-

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants