Passport Oauth2 successful but no JSON


#1

Hi,

I am not a developer. I was using PassportJS to learn/play around with API authorisation, and using a boilerplate passport strategy (‘passport-twitch’) I could successfully get an access token, refresh token, and profile data. However, I think it was using v5 (it said Kraken) auth endpoints, so I switched to a generic passport OAuth2 strategy (‘passport-oauth2’) to use Helix. I successfully get an access token and refresh token, but the JSON returned is empty.

    const express = require("express");
    const passport = require("passport");
    const OAuth2Strategy = require("passport-oauth2").Strategy;

    const keys = require("./config/keys");

    const app = express();
    const PORT = process.env.PORT || 5000;

    passport.use(new OAuth2Strategy({
            authorizationURL: "https://id.twitch.tv/oauth2/authorize",
            tokenURL: "https://id.twitch.tv/oauth2/token",
            clientID: keys.twitchAuthID,
            clientSecret: keys.twitchAuthSecret,
            callbackURL: "/auth/twitch/callback",
            scope: ""
        },
        (accessToken, refreshToken, profile, cb) => {
            console.log("ACCESS TOKEN: \n", accessToken);
            console.log("REFRESH TOKEN: \n", refreshToken);
            console.log("PROFILE: \n", profile.data);
            //profile returns no data
        }
    ));

    app.get("/auth/twitch", passport.authenticate("oauth2"));

    app.get("/auth/twitch/callback", passport.authenticate("oauth2", {failureRedirect: "/failed"}), (req, res) => {
        // Successful authentication
        res.redirect("/");
        //console.log(res.status(OK, 200));
        //console.log("successful auth")
    })

    app.listen(PORT, () => {
        console.log("Server ready on http://www.localhost:"+PORT+"/");
    });

Response in console:

ACCESS TOKEN:
REMOVED
REFRESH TOKEN:
REMOVED
PROFILE:
{}

Again, I am not a developer, so is this intended? What should I do next to retrieve data, and how should I learn (the API documentation doesn’t really help me as I probably don’t have the knowledge to use the info there)? Thank you :slight_smile:


#2

I removed the access and refresh tokens that you leaked. These should be kept secret; they are literally passwords…

I’m unfamiliar with passport, but it seems like you didn’t tell passport where it could get and fetch profile so it didn’t go and fetch any data to populate profile with.


#3

> I removed the access and refresh tokens that you leaked. These should be kept secret; they are literally passwords…

Oh, they were replaced by another request so the tokens I posted weren’t the latest ones (expired?), that is fine, right?

> I’m unfamiliar with passport, but it seems like you didn’t tell passport where it could get and fetch profile so it didn’t go and fetch any data to populate profile with.

OK, I will try to look into this. Please don’t close the thread yet, thank you.


#4

Nope, no replacement, they just die when the expires_at is met if you don’t have a legacy clientID.


#5

> I’m unfamiliar with passport, but it seems like you didn’t tell passport where it could get and fetch profile so it didn’t go and fetch any data to populate profile with.

So I’ve looked at the code for the Passport strategy where it constructs a profile JSON. I have tried to update the request so it fits: https://dev.twitch.tv/docs/api/reference/#get-users but I’m not sure if I am adding a Bearer token properly, or what I should be trying to solve now?

User profile constructor: (npm git file: https://github.com/Schmoopiie/passport-twitch/blob/master/lib/passport-twitch/oauth2.js)

    Strategy.prototype.userProfile = function(accessToken, done) {
        this._oauth2.get("https://api.twitch.tv/helix/users", { Header: 'Authorization: Bearer ' + accessToken }, function (err, body, res) {
            if (err) { return done(new InternalOAuthError("failed to fetch user profile", err)); }

            try {
                var json = JSON.parse(body);

                //var profile = { provider: "twitch" };
                // profile.id = json._id;
                // profile.username = json.name;
                // profile.displayName = json.display_name;
                // profile.email = json.email;

                // profile._raw = body;
                // profile._json = json;

                var profile = json;
                done(null, profile);
            } catch(e) {
                done(e);
            }
        });
    };

Error:

InternalOAuthError: failed to fetch user profile
at C:…\node_modules\passport-twitch\lib\passport-twitch\oauth2.js:76:32


#6

Solution: I found a Passport JS strategy for the new Helix API (https://www.npmjs.com/package/passport-twitch-new), only thing to note is that the optional scope: "user_read" should be empty as that syntax is no longer used (works with it anyway).
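
An added example, not part of the thread and not code from Passport or either Twitch strategy: a `userProfile` function of the kind post #5 attempts, sending the token to Helix Get Users as an `Authorization: Bearer` header, with the token redacted in log output as post #2 advises. The `httpGet` transport, the stub response, `redactToken` and all sample values are constructed assumptions; the `Client-Id` header follows the Twitch Helix reference.

```javascript
const HELIX_USERS_URL = "https://api.twitch.tv/helix/users";

// Tokens are credentials: log that one exists and its length, never its value.
function redactToken(token) {
  return "<redacted token, " + token.length + " chars>";
}

// Returns a userProfile(accessToken, done) function in the shape Passport calls.
// httpGet(url, headers, cb(err, status, body)) is a hypothetical injected transport.
function makeUserProfile(clientID, httpGet) {
  return function userProfile(accessToken, done) {
    const headers = {
      Authorization: "Bearer " + accessToken, // header name is the key, not part of the value
      "Client-Id": clientID,
    };
    httpGet(HELIX_USERS_URL, headers, (err, status, body) => {
      if (err) return done(err);
      if (status !== 200) return done(new Error("Helix returned HTTP " + status));
      let user;
      try {
        user = JSON.parse(body).data[0]; // Helix wraps results in a "data" array
      } catch (e) {
        return done(e);
      }
      if (!user) return done(new Error("Helix returned no user"));
      done(null, { provider: "twitch", id: user.id, username: user.login,
                   displayName: user.display_name, _json: user });
    });
  };
}

// Constructed stand-in for the network: answers 401 unless the header is well formed.
const SAMPLE_TOKEN = "constructed-sample-token";
function fakeHelixGet(url, headers, cb) {
  if (headers.Authorization !== "Bearer " + SAMPLE_TOKEN) return cb(null, 401, "{}");
  cb(null, 200, JSON.stringify({ data: [{ id: "1", login: "sample_user", display_name: "Sample_User" }] }));
}

function demo(token) {
  let result;
  const userProfile = makeUserProfile("constructed-client-id", fakeHelixGet);
  userProfile(token, (err, profile) => {
    result = err ? { error: err.message } : profile;
  });
  console.log(redactToken(token), "->", result.error || result.username);
  return result;
}
demo(SAMPLE_TOKEN);
```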