@thepineappledev/discord-express-auth
TypeScript icon, indicating that this package has built-in type declarations

0.1.15 • Public • Published

discord-express-auth

A basic package to use discord oauth2 to authenticate users in express

Before being able to use the functionality, first the package has to be configured:

DiscordAuth.configure({
    clientId: process.env.CLIENT_ID as string,
    clientSecret: process.env.CLIENT_SECRET as string,
    tokenSecret: process.env.TOKEN_SECRET as string,
    scope: 'identify guilds',
});

Then several things can be done

An authorization code can be retrieved (this is an endpoint)

app.get('/authorize', DiscordAuth.authorize);

This expects a (get) request with a redirect_uri queryParameter passed.


Generating a jwt token based on an authorization token (this is an endpoint):

app.get('/login', DiscordAuth.authCodeToJwtToken);

This will take a (get) request which contains a whitelisted redirect_uri for your discord application, and the authorization code with which you want to log in.

This will set a cookie access_token which is a jsonwebtoken encrypted with the tokenSecret specified in configure. This JWT token will store:

  • user id
  • user name
  • access_token for accessing discord api
  • refresh_token for refreshing access to the discord api.
  • scope access
  • token type (bearer)

The valid duration of the jwt token cannot yet be set and is current 93 days.


Identifying a user based on a jwt token (this is middleware) which will give access to all of the details stored in the Jsonwebtoken mentioned above.

router.get('/id', DiscordAuth.identify, async (req: ISessionAuthRequest, res: Response) => {
  ...
}

reAuthorization can be done when a call to the discord api fails because the discord token timed out. (this is a custom function and neither middleware nor an endpoint.

  ...
  if(discordApiRequest.statusCode === 401) {
    DiscordAuth.reAuth(request, response, next, currentFunction);
  }
  ...

This will attempt to update the access_token and refresh_token and then re-execute the function that is passed, which can be the current function.

If the discord authentication fails then it will close the response with a 401.


Log the user out (this is an endpoint)

app.get('/logout', DiscordAuth.logout);

This will attempt to revoke both the access and refresh tokens with discord, and will clear the cookie in the response.

Readme

Keywords

none

Package Sidebar

Install

npm i @thepineappledev/discord-express-auth

Weekly Downloads

13

Version

0.1.15

License

ISC

Unpacked Size

20.7 kB

Total Files

12

Last publish

Collaborators

  • jordyjordy