This is a Xero OAuth2 authentication strategy for Passport.js. Passport is authentication middleware for Node.js that can be unobtrusively dropped into any Express-based web application.
The Xero Passport strategy is installed with npm.
npm install passport-xero-oauth2
The Xero Passport strategy enforces the use of the state parameter in OAuth 2.0 authorization requests and requires session support in Express to be enabled.
If you require the state parameter to be omitted (which is not recommended), you can suppress it when calling the Xero Passport strategy constructor:
const XeroStrategy = require('passport-xero-oauth2');
const strategy = new XeroStrategy({
// ...
state: false
},
function(accessToken, refreshToken, extraParams, profile, done) {
// ...
}
);If you want to change the scope of the ID token provided, add a scope property to the authenticate configuration passed when defining the route.
app.get(
'/login',
passport.authenticate('xero', {scope: 'openid email profile'}),
function (req, res) {
res.redirect('/');
}
);This project is licensed under the MIT license. See the LICENSE file for more info.