
Passport.js OAuth 2.0 to use bearers


I'm trying to implement the Google OAuth Passport.js strategy but due to the lack of documentation and examples, I can't seem to be able to answer certain questions.

My application is using bearers rather than cookies for security and technological reasons.

The single example available on the passport-google-oauth GitHub page doesn't explain certain things like:

  • how a bearer strategy implementation could replace cookies in this scenario?
  • how do I obtain the expiration time of the Google token?
  • what should I do with accessToken and refreshToken?

I really don't want to use cookies because that would create a second authorization system that is a duplicate of the bearer strategy already in place.

This question could be applied to other passport OAuth strategies like Twitter and Facebook.


Solution

  • I managed to find all the answers needed in this excellent blog post:

    http://jeroenpelgrims.com/token-based-sessionless-auth-using-express-and-passport/

    and the corresponding source code:

    https://bitbucket.org/resurge/sessionless-token-auth-with-express/src/6e94c2ea59591e75b074ff6acc89442065d33007/app.js?at=master

    Thanks to Jeroen Pelgrims!