`getAccessTokenFromRefreshToken` expects `refresh_token` to be of type `Token` instead of `string`

[frixaco]

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.4.0

Plugin version

6.0.0

Node.js version

16.6.0

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

12.3.1

Description

Hello! I'm new to Fastify. Currently trying to set up Github OAuth2 and I can't renew my access token using refresh token with getNewAccessTokenUsingRefreshToken because the method expects Token instead of string. Here's simple snippet:

const refresh_token = request.body.refresh_token; // string
const newToken = await fastify.githubOAuth2.getNewAccessTokenUsingRefreshToken(refresh_token, {});

gives type error Argument of type 'string' is not assignable to parameter of type 'Token'.

I tried fixing the type error as follows, but I'm getting { "error": "bad_refresh_token", "error_description": "The refresh token passed is incorrect or expired." } error response:

const newToken =await fastify.githubOAuth2.getNewAccessTokenUsingRefreshToken(
  {
    access_token: expiredAccessToken, // string   <-- passing not expired access token also doesn't work
    refresh_token: refreshToken, // string
    token_type: "bearer",
    expires_in: eightHoursFromNow, // number (seconds)
    expires_at: new Date(eightHoursFromNow),
  },
  {},
);

Maybe I'm doing something wrong? I would highly appreciate any help/tips/ideas.

Steps to Reproduce

// index.ts
import fastify, {
  FastifyInstance,
  FastifyReply,
  FastifyRequest,
} from "fastify";
import fp, { PluginMetadata } from "fastify-plugin";

const app = fastify();
app.register(fastifyOauth2, {
  name: "githubOAuth2",
  credentials: {
    client: {
      id: process.env.GITHUB_CLIENT_ID,
      secret: process.env.GITHUB_CLIENT_SECRET,
    },
    auth: fastifyOauth2.GITHUB_CONFIGURATION,
  },
  startRedirectPath: "/login/oauth/github",
  callbackUri: "http://localhost:4000/login/oauth/github/callback",
  scope: [],
});
app.register(
  fp(async function (fastify: FastifyInstance, opts: PluginMetadata) {
    fastify.decorate(
      "verifyUser",
      async function ( request: FastifyRequest<{Body: { refreshToken: string } }>, reply: FastifyReply, next: (error?: object) => void) {
        const refreshToken = request.body.refreshToken;
        const newToken = await fastify.githubOAuth2.getNewAccessTokenUsingRefreshToken(refreshToken, {});
        next();
      }
    )}))

app.register(import("@fastify/auth"));
app.after((err) => {});
app.register(fp(privateRoutes));

app.listen({ port: PORT });

// privateRoutes.ts
import { FastifyInstance, FastifyPluginOptions } from "fastify";

export async function privateRoutes( fastify: FastifyInstance, options: FastifyPluginOptions ) {
  fastify.get<{ Body: { refreshToken: string, .... } }>(
    "/project",
    { preHandler: fastify.auth([fastify.verifyUser]) },
    async function (request, reply) {
      reply.send({ success: true });
    },
  );
}

Expected Behavior

Passing refreshToken which is string to await fastify.githubOAuth2.getNewAccessTokenUsingRefreshToken(refreshToken, {}) should give me new access token.

[frixaco]

Nvm, after getting a good sleep and taking a look at simple-oauth2 docs, I found the issue was in my code (rtfm).
I just had to pass a valid Token object and set all fields to valid values (for Github at least) :)

[climba03003]

simple-oauth2 actually have a great changes on code in the latest version.
The code flow is not as simple as before.

You are now required to store the whole access token object and bring it back in order to refresh.
I notice this problem when I do the upgrade.

import { Fastify } from 'fastify'
import FastifyOAuth2 from '@fastify/oauth2'

const fastify = Fastify()

app.register(FastifyOAuth2, {
  name: "githubOAuth2",
  credentials: {
    client: {
      id: '<CLIENT_ID>',
      secret: '<CLIENT_SECRET>'
    },
    auth: FastifyOAuth2.GITHUB_CONFIGURATION
  },
  startRedirectPath: "/login/github",
  callbackUri: "http://localhost:3000/login/github/callback",
  scope: [],
});

const memStore = new Map()

async function saveAccessToken(token) {
  // any database or in-memory operation here
  // we use in-memory variable here
  memStore.set(token.refresh_token, token)
}

async function retrieveAccessToken(token) {
  // remove Bearer if needed
  if (token.startsWith('Bearer ')) token = token.substring(6)
  // any database or in-memory operation here
  // we use in-memory variable here
  if (memStore.has(token)) memStore.get(token)
  throw new Error('invalid refresh token')
}

fastify.get('/login/github/callback', async function (request, reply) {
  const token = await this.githubOAuth2.getAccessTokenFromAuthorizationCodeFlow(request)

  console.log(token.access_token)
  
  // you should store the `token` for further usage
  await saveAccessToken(token)

  // if later you need to refresh the token you can use
  // const newToken = await this.githubOAuth2.getNewAccessTokenUsingRefreshToken(token)

  reply.send({ access_token: token.access_token })
})

fastify.put('/login/github', async function(request, reply) {
  // we assume the token is passed by authorization header
  const refresh_token = await retrieveAccessToken(request.headers['authorization'])
  const newToken = await this.githubOAuth2.getNewAccessTokenUsingRefreshToken(token)
  
  // we save the token again
  await saveAccessToken(newToken)
  
  reply.send({ access_token: newToken.access_token })
})