I didn’t want to make it toooooo easy for you…
Here’s a more useful/rubbishy example of using OIDC (I’ll probably submit this as a docs example once it’s cleaned up)
const crypto = require('crypto');
const request = require('request');
const IdTokenVerifier = require('idtoken-verifier');
/* OIDC */
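// Discovery document and ID-token verifier, filled in once discovery
// completes. Both stay undefined until then.
let oidc_data;
let verifier;

// Issuer implied by the discovery URL. OpenID Connect Discovery requires the
// `issuer` in the returned document to match it exactly, so a mismatch means
// the document should not be trusted.
const oidc_issuer = 'https://id.twitch.tv/oauth2';

request.get({
  url: oidc_issuer + '/.well-known/openid-configuration',
  json: true
}, function(e, r, b) {
  if (e) {
    console.error(e);
    // Non-zero exit so a supervisor sees the failed start-up.
    process.exit(1);
  } else if (r.statusCode === 200) {
    if (!b || b.issuer !== oidc_issuer) {
      console.error('Unexpected issuer in openid config', b && b.issuer);
      process.exit(1);
    }
    console.log('Got openid config');
    oidc_data = b;
    // The verifier checks ID tokens against this issuer, our client id as
    // audience, and the signing keys published at jwks_uri.
    verifier = new IdTokenVerifier({
      issuer: oidc_data.issuer,
      audience: config.twitch.client,
      jwksURI: oidc_data.jwks_uri
    });
  } else {
    console.error('Got a ' + r.statusCode);
    process.exit(1);
  }
});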
/* SNIP */
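/**
 * Compare the `state` stored in the session with the one returned on the
 * callback, in constant time.
 *
 * @param {*} expected - value saved in the session when the login started
 * @param {*} received - value of the `state` query parameter
 * @returns {boolean} true only when both are strings and identical
 */
function stateMatches(expected, received) {
  if (typeof expected !== 'string' || typeof received !== 'string') {
    return false;
  }
  const a = Buffer.from(expected);
  const b = Buffer.from(received);
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

/**
 * GET /login/ - starts the OIDC authorization-code flow and handles the
 * redirect back from the provider.
 *
 * Without a `code` it redirects the browser to the authorization endpoint.
 * With a `code` it checks `state`, exchanges the code for tokens, verifies
 * the ID token, fetches userinfo and only then stores the result in the
 * session.
 */
app.get('/login/', function(req, res) {
  // Discovery runs asynchronously at start-up; until it has finished there
  // are no endpoints and no verifier to use.
  if (!oidc_data || !verifier) {
    res.status(503).render('error', { error: {error: 'twitch hiccuped!'} });
    return;
  }

  // `error` comes straight from the query string, so it is caller-controlled.
  // NOTE(review): the 'error' view must HTML-escape this value - confirm.
  const error = req.query.error ? req.query.error : false;
  if (error) {
    res.render('error', { error: {error: 'Twitch Hiccuped! ' + error} });
    return;
  }

  // Only a plain string is a usable code; repeated or nested query
  // parameters arrive as arrays/objects and are treated as absent.
  const code = typeof req.query.code === 'string' ? req.query.code : false;

  if (code) {
    // The state is single use: read it, then drop it from the session.
    const expected_state = req.session.oauth_state;
    delete req.session.oauth_state;
    if (!stateMatches(expected_state, req.query.state)) {
      // A callback that does not belong to a login this session started
      // (login CSRF) is rejected before the code is exchanged.
      console.log('Rejected login callback: state mismatch');
      res.status(403).render('error', { error: {error: 'twitch hiccuped!'} });
      return;
    }

    request.post({
      url: oidc_data.token_endpoint,
      headers: {
        'Accept': 'application/json'
      },
      body: {
        client_id: config.twitch.client,
        client_secret: config.twitch.secret,
        code: code,
        grant_type: 'authorization_code',
        redirect_uri: config.twitch.redirect
      },
      gzip: true,
      json: true
    }, function(token_err, token_res, tokens) {
      if (token_err) {
        console.log(token_err);
        res.render('error', { error: {error: 'Twitch Hiccuped!'} });
        return;
      }
      if (token_res.statusCode !== 200) {
        console.log('Token r: ' + token_res.statusCode);
        res.render('error', { error: {error: 'twitch hiccuped!'} });
        return;
      }

      // NOTE(review): no nonce is sent with the authorization request, so
      // the nonce argument stays null. If the provider echoes a nonce into
      // the ID token, generate one per login, keep it in the session and
      // pass it here - confirm against the provider docs.
      verifier.verify(tokens.id_token, null, function(verify_err, payload) {
        if (verify_err) {
          console.log('Error', verify_err);
          res.render('error', { error: {error: 'twitch hiccuped!'} });
          return;
        }

        console.log('Login from', payload.sub);
        request.post({
          url: oidc_data.userinfo_endpoint,
          headers: {
            'Accept': 'application/json',
            'Authorization': 'Bearer ' + tokens.access_token,
          },
          gzip: true,
          json: true
        }, function(userinfo_err, userinfo_res, userinfo) {
          if (userinfo_err) {
            console.log(userinfo_err);
            res.render('error', { error: {error: 'twitch hiccuped!'} });
            return;
          }
          if (userinfo_res.statusCode !== 200) {
            console.log('Failed on userinfo_endpoint', userinfo);
            res.render('error', { error: {error: 'twitch hiccuped!'} });
            return;
          }
          // OIDC Core: the userinfo `sub` must match the ID token `sub`,
          // otherwise the response may describe a different account.
          if (!userinfo || userinfo.sub !== payload.sub) {
            console.log('Userinfo sub does not match id_token sub');
            res.render('error', { error: {error: 'twitch hiccuped!'} });
            return;
          }

          // Log the subject only; the userinfo body carries the email
          // address and other personal data.
          console.log('Userinfo for', userinfo.sub);

          // Nothing is written to the session until every check above has
          // passed, so a failed login leaves no tokens or user behind.
          // NOTE(review): if the session middleware supports it
          // (express-session has req.session.regenerate), rotate the
          // session id here to guard against session fixation.
          req.session.twitch = tokens;
          req.session.user = userinfo;
          res.redirect('/');
        });
      });
    });
    return;
  }

  // Start of the flow: bind this login attempt to the session with an
  // unguessable state value that the callback must return.
  const state = crypto.randomBytes(32).toString('hex');
  req.session.oauth_state = state;

  // searchParams percent-encodes every value (the redirect URI and the
  // claims JSON contain characters that are not valid raw in a query).
  const url = new URL(oidc_data.authorization_endpoint);
  url.searchParams.set('client_id', config.twitch.client);
  url.searchParams.set('redirect_uri', config.twitch.redirect);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('force_verify', 'true');
  // NOTE(review): this requests every scope the provider advertises; a real
  // application should ask only for the scopes it needs.
  url.searchParams.set('scope', oidc_data.scopes_supported.join(' '));
  url.searchParams.set('claims', JSON.stringify({
    userinfo: {
      email: null,
      email_verified: null,
      picture: null,
      preferred_username: null
    }
  }));
  url.searchParams.set('state', state);
  res.redirect(url.toString());
});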
TLDR: init IdTokenVerifier with data from https://id.twitch.tv/oauth2/.well-known/openid-configuration