Node.js 如何在passport google oauth nodejs中刷新令牌
我发现很难用passport google oauth实现刷新令牌。js是我自己使用Passport实现的Google登录过程。我还将代币和到期时间保存在我的MongoDB中。refreshToken.js是我使用google oauth api刷新令牌的尝试。为了清晰起见,我包含了两个文件中的代码。我遇到的问题是,令牌在第一次到期后被刷新,但在随后的到期时不起作用 passport.jsNode.js 如何在passport google oauth nodejs中刷新令牌,node.js,express,passport-google-oauth2,Node.js,Express,Passport Google Oauth2,我发现很难用passport google oauth实现刷新令牌。js是我自己使用Passport实现的Google登录过程。我还将代币和到期时间保存在我的MongoDB中。refreshToken.js是我使用google oauth api刷新令牌的尝试。为了清晰起见,我包含了两个文件中的代码。我遇到的问题是,令牌在第一次到期后被刷新,但在随后的到期时不起作用 passport.js module.exports = function (passport) { passport.seri
module.exports = function (passport) {
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(user, done) {
done(null, user);
});
passport.use(new GoogleStrategy({
clientID: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
callbackURL: 'http://localhost:3000/auth/google/callback'
},
async (accessToken, refreshToken, params, profile, done) => {
//console.log('profile:', profile)
console.log('refresh:', refreshToken)
const idToken = params.id_token
// find expiry_date so it can be save in the database, along with access and refresh token
const expiry_date = dayjs().add(params.expires_in, "s").format("X");
console.log('expiry:',expiry_date)
const newUser = {
googleId: profile.id,
displayName: profile.displayName,
firstName: profile.name.givenName,
lastName: profile.name.familyName,
image: profile.photos[0].value,
accessToken: params.access_token,
idToken: params.id_token,
expiryDate: expiry_date,
refreshToken: refreshToken
}
try {
let user = await usersCollection.findOne({ googleId: profile.id})
if (user) {
done(null, user)
} else {
user = await usersCollection.insertOne(newUser)
done(null, user)
}
} catch (error) {
console.error(error)
}
}
)
)
}
// create auth client
const oauth2Client = new OAuth2(
auth.googleAuth.clientID,
auth.googleAuth.clientSecret,
auth.googleAuth.callbackURL
);
exports.checkToken = (req, res, next) => {
// check for user
if (!req.user) {
console.log("NO USER");
return next();
}
// subtract current time from stored expiry_date and see if less than 5 minutes (300s)
remain
if (dayjs().subtract(req.user.expiryDate, "s").format("X") > -3000) {
// set the current users access and refresh token
oauth2Client.setCredentials({
id_token: req.user.idToken,
access_token: req.user.accessToken,
refresh_token: req.user.refreshToken,
expiry_date: req.user.expiryDate
});
// request a new token
oauth2Client.refreshAccessToken(function(err, tokens) {
if (err) return next(err);
//save the new token and expiry_date
usersCollection.findOneAndUpdate(
{ "googleId": req.user.googleId },
{$set:{
"accessToken": tokens.access_token,
"idToken": tokens.id_token,
"expiryDate": tokens.expiry_date,
"refreshToken": tokens.refresh_token
}},
{ upsert: true },
function(err, doc) {
if (err) return next(err);
next();
}
);
});
}
next();
};
刷新令牌.js
module.exports = function (passport) {
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(user, done) {
done(null, user);
});
passport.use(new GoogleStrategy({
clientID: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
callbackURL: 'http://localhost:3000/auth/google/callback'
},
async (accessToken, refreshToken, params, profile, done) => {
//console.log('profile:', profile)
console.log('refresh:', refreshToken)
const idToken = params.id_token
// find expiry_date so it can be save in the database, along with access and refresh token
const expiry_date = dayjs().add(params.expires_in, "s").format("X");
console.log('expiry:',expiry_date)
const newUser = {
googleId: profile.id,
displayName: profile.displayName,
firstName: profile.name.givenName,
lastName: profile.name.familyName,
image: profile.photos[0].value,
accessToken: params.access_token,
idToken: params.id_token,
expiryDate: expiry_date,
refreshToken: refreshToken
}
try {
let user = await usersCollection.findOne({ googleId: profile.id})
if (user) {
done(null, user)
} else {
user = await usersCollection.insertOne(newUser)
done(null, user)
}
} catch (error) {
console.error(error)
}
}
)
)
}
// create auth client
const oauth2Client = new OAuth2(
auth.googleAuth.clientID,
auth.googleAuth.clientSecret,
auth.googleAuth.callbackURL
);
exports.checkToken = (req, res, next) => {
// check for user
if (!req.user) {
console.log("NO USER");
return next();
}
// subtract current time from stored expiry_date and see if less than 5 minutes (300s)
remain
if (dayjs().subtract(req.user.expiryDate, "s").format("X") > -3000) {
// set the current users access and refresh token
oauth2Client.setCredentials({
id_token: req.user.idToken,
access_token: req.user.accessToken,
refresh_token: req.user.refreshToken,
expiry_date: req.user.expiryDate
});
// request a new token
oauth2Client.refreshAccessToken(function(err, tokens) {
if (err) return next(err);
//save the new token and expiry_date
usersCollection.findOneAndUpdate(
{ "googleId": req.user.googleId },
{$set:{
"accessToken": tokens.access_token,
"idToken": tokens.id_token,
"expiryDate": tokens.expiry_date,
"refreshToken": tokens.refresh_token
}},
{ upsert: true },
function(err, doc) {
if (err) return next(err);
next();
}
);
});
}
next();
};