add request to getToken param, allow custom hooks around getTokens

WilsonLe · WilsonLe · commit a6b0afd6c858 · 2024-12-16T11:24:17.000-05:00
diff --git a/README.md b/README.md
@@ -21,10 +21,10 @@
 
 Technically this plugin should work with all generic OAuth2 providers. Here are the list of providers that have been tested:
 
-| Provider | Status                                                                                                                                                                                                      | Example                        |
-| -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
-| Google   | [![Test Google OAuth](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-google-oauth.yml/badge.svg)](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-google-oauth.yml)    | [Config](./examples/google.md) |
-| Zitadel  | [![Test Zitadel OAuth](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-zitadel-oauth.yml/badge.svg)](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-zitadel-oauth.yml) | [Config](./examples/zitadel.md) |
+| Provider | Status                                                                                                                                                                                                      | Example                         |
+| -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
+| Google   | [![Test Google OAuth](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-google-oauth.yml/badge.svg)](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-google-oauth.yml)    | [Config](./examples/google.ts)  |
+| Zitadel  | [![Test Zitadel OAuth](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-zitadel-oauth.yml/badge.svg)](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-zitadel-oauth.yml) | [Config](./examples/zitadel.ts) |
 
 # Installation
 
diff --git a/dev/src/payload.config.ts b/dev/src/payload.config.ts
@@ -4,7 +4,8 @@ import path from "path";
 import { buildConfig } from "payload";
 import sharp from "sharp";
 import { fileURLToPath } from "url";
-import { OAuth2Plugin } from "../../src/plugin";
+import { googleOAuth } from "../../examples/google";
+import { zitadelOAuth } from "../../examples/zitadel";
 import Users from "./collections/Users";
 import { migrations } from "./migrations";
 
@@ -33,90 +34,6 @@ export default buildConfig({
   editor: lexicalEditor({}),
   collections: [Users],
   typescript: { outputFile: path.resolve(dirname, "payload-types.ts") },
-  plugins: [
-    ////////////////////////////////////////////////////////////////////////////
-    // Google OAuth
-    ////////////////////////////////////////////////////////////////////////////
-    OAuth2Plugin({
-      enabled:
-        typeof process.env.GOOGLE_CLIENT_ID === "string" &&
-        typeof process.env.GOOGLE_CLIENT_SECRET === "string",
-      strategyName: "google",
-      useEmailAsIdentity: true,
-      serverURL: process.env.NEXT_PUBLIC_URL || "http://localhost:3000",
-      clientId: process.env.GOOGLE_CLIENT_ID || "",
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET || "",
-      authorizePath: "/oauth/google",
-      callbackPath: "/oauth/google/callback",
-      authCollection: "users",
-      tokenEndpoint: "https://oauth2.googleapis.com/token",
-      scopes: [
-        "openid",
-        "https://www.googleapis.com/auth/userinfo.email",
-        "https://www.googleapis.com/auth/userinfo.profile",
-      ],
-      providerAuthorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
-      getUserInfo: async (accessToken: string) => {
-        const response = await fetch(
-          "https://www.googleapis.com/oauth2/v3/userinfo",
-          { headers: { Authorization: `Bearer ${accessToken}` } },
-        );
-        const user = await response.json();
-        return { email: user.email, sub: user.sub };
-      },
-      successRedirect: (req) => {
-        return "/admin";
-      },
-      failureRedirect: (req, err) => {
-        req.payload.logger.error(err);
-        return "/admin/login";
-      },
-    }),
-    ////////////////////////////////////////////////////////////////////////////
-    // Zitadel OAuth
-    ////////////////////////////////////////////////////////////////////////////
-    OAuth2Plugin({
-      enabled:
-        typeof process.env.ZITADEL_CLIENT_ID === "string" &&
-        typeof process.env.ZITADEL_CLIENT_SECRET === "string" &&
-        typeof process.env.ZITADEL_TOKEN_ENDPOINT === "string" &&
-        typeof process.env.ZITADEL_AUTHORIZATION_URL === "string" &&
-        typeof process.env.ZITADEL_USERINFO_ENDPOINT === "string",
-      strategyName: "zitadel",
-      useEmailAsIdentity: true,
-      serverURL: process.env.NEXT_PUBLIC_URL || "http://localhost:3000",
-      clientId: process.env.ZITADEL_CLIENT_ID || "",
-      clientSecret: process.env.ZITADEL_CLIENT_SECRET || "",
-      authorizePath: "/oauth/zitadel",
-      callbackPath: "/oauth/zitadel/callback",
-      authCollection: "users",
-      tokenEndpoint: process.env.ZITADEL_TOKEN_ENDPOINT || "",
-      scopes: [
-        "openid",
-        "profile",
-        "email",
-        "offline_access",
-        "urn:zitadel:iam:user:metadata",
-      ],
-      providerAuthorizationUrl: process.env.ZITADEL_AUTHORIZATION_URL || "",
-      getUserInfo: async (accessToken: string) => {
-        const response = await fetch(
-          process.env.ZITADEL_USERINFO_ENDPOINT || "",
-          {
-            headers: { Authorization: `Bearer ${accessToken}` },
-          },
-        );
-        const user = await response.json();
-        return { email: user.email, sub: user.sub };
-      },
-      successRedirect: (req) => {
-        return "/admin";
-      },
-      failureRedirect: (req, err) => {
-        req.payload.logger.error(err);
-        return "/admin/login";
-      },
-    }),
-  ],
+  plugins: [googleOAuth, zitadelOAuth],
   sharp,
 });
diff --git a/examples/google.md b/examples/google.md
diff --git a/examples/google.ts b/examples/google.ts
@@ -0,0 +1,69 @@
+import { PayloadRequest } from "payload";
+import { OAuth2Plugin, defaultGetToken } from "../src/index";
+
+////////////////////////////////////////////////////////////////////////////////
+// Google OAuth
+////////////////////////////////////////////////////////////////////////////////
+export const googleOAuth = OAuth2Plugin({
+  enabled:
+    typeof process.env.GOOGLE_CLIENT_ID === "string" &&
+    typeof process.env.GOOGLE_CLIENT_SECRET === "string",
+  strategyName: "google",
+  useEmailAsIdentity: true,
+  serverURL: process.env.NEXT_PUBLIC_URL || "http://localhost:3000",
+  clientId: process.env.GOOGLE_CLIENT_ID || "",
+  clientSecret: process.env.GOOGLE_CLIENT_SECRET || "",
+  authorizePath: "/oauth/google",
+  callbackPath: "/oauth/google/callback",
+  authCollection: "users",
+  tokenEndpoint: "https://oauth2.googleapis.com/token",
+  scopes: [
+    "openid",
+    "https://www.googleapis.com/auth/userinfo.email",
+    "https://www.googleapis.com/auth/userinfo.profile",
+  ],
+  providerAuthorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+  getUserInfo: async (accessToken: string) => {
+    const response = await fetch(
+      "https://www.googleapis.com/oauth2/v3/userinfo",
+      { headers: { Authorization: `Bearer ${accessToken}` } },
+    );
+    const user = await response.json();
+    return { email: user.email, sub: user.sub };
+  },
+  /**
+   * This param is complete optional to demonstrate customize your own
+   * `getToken` function (i.e. add hooks to run after getting the token)
+   * Leave this blank should you wish to use the default getToken function
+   */
+  getToken: async (code: string, req: PayloadRequest) => {
+    const redirectUri = `${process.env.NEXT_PUBLIC_URL || "http://localhost:3000"}/api/users/oauth/google/callback`;
+    const token = await defaultGetToken(
+      "https://oauth2.googleapis.com/token",
+      process.env.GOOGLE_CLIENT_ID || "",
+      process.env.GOOGLE_CLIENT_SECRET || "",
+      redirectUri,
+      code,
+    );
+    ////////////////////////////////////////////////////////////////////////////
+    // Consider this section afterToken hook
+    ////////////////////////////////////////////////////////////////////////////
+    req.payload.logger.info("Received token: ${token} 👀");
+    if (req.user) {
+      req.payload.update({
+        collection: "users",
+        id: req.user.id,
+        data: {},
+      });
+    }
+
+    return token;
+  },
+  successRedirect: (req) => {
+    return "/admin";
+  },
+  failureRedirect: (req, err) => {
+    req.payload.logger.error(err);
+    return "/admin/login";
+  },
+});
diff --git a/examples/zitadel.md b/examples/zitadel.md
diff --git a/examples/zitadel.ts b/examples/zitadel.ts
@@ -0,0 +1,73 @@
+import { PayloadRequest } from "payload";
+import { OAuth2Plugin, defaultGetToken } from "../src/index";
+
+////////////////////////////////////////////////////////////////////////////////
+// Zitadel OAuth
+////////////////////////////////////////////////////////////////////////////////
+export const zitadelOAuth = OAuth2Plugin({
+  enabled:
+    typeof process.env.ZITADEL_CLIENT_ID === "string" &&
+    typeof process.env.ZITADEL_CLIENT_SECRET === "string" &&
+    typeof process.env.ZITADEL_TOKEN_ENDPOINT === "string" &&
+    typeof process.env.ZITADEL_AUTHORIZATION_URL === "string" &&
+    typeof process.env.ZITADEL_USERINFO_ENDPOINT === "string",
+  strategyName: "zitadel",
+  useEmailAsIdentity: true,
+  serverURL: process.env.NEXT_PUBLIC_URL || "http://localhost:3000",
+  clientId: process.env.ZITADEL_CLIENT_ID || "",
+  clientSecret: process.env.ZITADEL_CLIENT_SECRET || "",
+  authorizePath: "/oauth/zitadel",
+  callbackPath: "/oauth/zitadel/callback",
+  authCollection: "users",
+  tokenEndpoint: process.env.ZITADEL_TOKEN_ENDPOINT || "",
+  scopes: [
+    "openid",
+    "profile",
+    "email",
+    "offline_access",
+    "urn:zitadel:iam:user:metadata",
+  ],
+  providerAuthorizationUrl: process.env.ZITADEL_AUTHORIZATION_URL || "",
+  getUserInfo: async (accessToken: string) => {
+    const response = await fetch(process.env.ZITADEL_USERINFO_ENDPOINT || "", {
+      headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    const user = await response.json();
+    return { email: user.email, sub: user.sub };
+  },
+  /**
+   * This param is complete optional to demonstrate customize your own
+   * `getToken` function (i.e. add hooks to run after getting the token)
+   * Leave this blank should you wish to use the default getToken function
+   */
+  getToken: async (code: string, req: PayloadRequest) => {
+    const redirectUri = `${process.env.NEXT_PUBLIC_URL || "http://localhost:3000"}/api/users/oauth/zitadel/callback`;
+    const token = await defaultGetToken(
+      process.env.ZITADEL_TOKEN_ENDPOINT || "",
+      process.env.ZITADEL_CLIENT_ID || "",
+      process.env.ZITADEL_CLIENT_SECRET || "",
+      redirectUri,
+      code,
+    );
+    ////////////////////////////////////////////////////////////////////////////
+    // Consider this section afterToken hook
+    ////////////////////////////////////////////////////////////////////////////
+    req.payload.logger.info("Received token: ${token} 👀");
+    if (req.user) {
+      req.payload.update({
+        collection: "users",
+        id: req.user.id,
+        data: {},
+      });
+    }
+
+    return token;
+  },
+  successRedirect: (req) => {
+    return "/admin";
+  },
+  failureRedirect: (req, err) => {
+    req.payload.logger.error(err);
+    return "/admin/login";
+  },
+});
diff --git a/src/callback-endpoint.ts b/src/callback-endpoint.ts
@@ -46,7 +46,7 @@ export const createCallbackEndpoint = (
       let access_token: string;
 
       if (pluginOptions.getToken) {
-        access_token = await pluginOptions.getToken(code);
+        access_token = await pluginOptions.getToken(code, req);
       } else {
         access_token = await defaultGetToken(
           pluginOptions.tokenEndpoint,
diff --git a/src/index.ts b/src/index.ts
@@ -1,2 +1,3 @@
+export { defaultGetToken } from "./default-get-token";
 export { OAuth2Plugin } from "./plugin";
 export type { PluginTypes } from "./types";
diff --git a/src/types.ts b/src/types.ts
@@ -119,7 +119,7 @@ export interface PluginTypes {
    *
    * Reference: `defaultGetToken` in `src/default-get-token.ts`
    */
-  getToken?: (code: string) => string | Promise<string>;
+  getToken?: (code: string, req: PayloadRequest) => string | Promise<string>;
 
   /**
    * Redirect users after successful login.

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
	`1`	`+export { defaultGetToken } from "./default-get-token";`
`1`	`2`	`export { OAuth2Plugin } from "./plugin";`
`2`	`3`	`export type { PluginTypes } from "./types";`
Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ export interface PluginTypes {`
`119`	`119`	`*`
`120`	`120`	* Reference: `defaultGetToken` in `src/default-get-token.ts`
`121`	`121`	`*/`
`122`		`- getToken?: (code: string) => string \| Promise<string>;`
	`122`	`+ getToken?: (code: string, req: PayloadRequest) => string \| Promise<string>;`
`123`	`123`
`124`	`124`	`/**`
`125`	`125`	`* Redirect users after successful login.`