Digging Bedrock and some feedback #21

Open
cameronelliott opened this issue May 29, 2022 · 1 comment

Hey guys, I reviewed all the main auth libs for Deno I could find, and I chose Bedrock.
(for a few reasons: recent activity, dual auth (local/oauth), and the use of oak_sessions seems nice also)
So, it seems like the best of the bunch for me anyway. 😄

I am a very inexperienced JS dev, but I got things working it seems.
I had some feedback I wanted to share:

  1. A fully working OAuth example (my use case for now) and Local example would help massively for people at my stage of learning.
  2. To me, the example handlers for /secret seem incomplete (for OAuth). I needed to gate on ctx.state.authSuccess to have the output/console.log output make any sense, and honestly, nothing made any sense to me until I figured this out by dumping the state and reviewing the source.

Here is what I ended up with for the /secret handler:

```ts
OAuthRouter.get("/secret", Bedrock.verifyAuth, (ctx: Context) => {
  console.log("Secret page");
  if (ctx.state.authSuccess) {
    ctx.response.body = "Secret obtained!";
  } else {
    ctx.response.body = "Not authenticated, secret not revealed!";
  }
  ctx.response.status = 200;
  return;
});
```

Here is my full OAuth example. I know all this Oak/routing/etc stuff is simple to you guys, but, again for newer JS developers, a fully worked example can be a lifesaver.
Actually, this could be improved by putting links on the homepage, etc, etc. But it's late and I'm a bit tired.
Please let me know your thoughts and/or feedback, and I appreciate you guys having created this lib!! Cam

```ts
import {
  Application,
  Context,
  Router,
} from "https://deno.land/x/oak@v10.5.1/mod.ts";
import { Session } from "https://deno.land/x/oak_sessions@v3.5.1/mod.ts";
import { init } from "https://deno.land/x/bedrock@v1.0.3/mod.ts";

type AppState = {
  session: Session;
};
const app = new Application<AppState>();

app.addEventListener("error", (evt) => {
  console.log(evt.error);
});

const session = new Session();

// Apply sessions to your Oak application. You can also apply the middleware to specific routes instead of the whole app.
app.use(session.initMiddleware());

const OAuthRouter = new Router<AppState>();
const Bedrock = init({
  provider: "Google", //example
  client_id: Deno.env.get("GOOG_CLIENT_ID")!,
  client_secret: Deno.env.get("GOOG_CLIENT_SECRET")!,
  redirect_uri: Deno.env.get("GOOG_AUTH_CALLBACK_URL")!,
  scope: "https://www.googleapis.com/auth/userinfo.email", //example
  prompt: "consent",
});

OAuthRouter.get("/", (context) => {
  context.response.body = "Hello world!";
});

OAuthRouter.get("/OAuth", Bedrock.sendRedirect);

OAuthRouter.get("/OAuth/google", Bedrock.getToken, (ctx: Context) => {
  console.log("Successfully logged in via OAuth");
  ctx.response.body = "Now logged in via OAuth, also have access token";
  ctx.response.redirect("/secret");
  return;
});

OAuthRouter.get("/secret", Bedrock.verifyAuth, (ctx: Context) => {
  console.log("Secret page");
  if (ctx.state.authSuccess) {
    ctx.response.body = "Secret obtained!";
  } else {
    ctx.response.body = "Not authenticated, secret not revealed!";
  }
  ctx.response.status = 200;
  return;
});

OAuthRouter.get("/signout", Bedrock.signOut, (ctx: Context) => {
  console.log("Successfully signed out");
  ctx.response.redirect("/");
  return;
});

app.use(OAuthRouter.routes());
app.use(OAuthRouter.allowedMethods());

app.listen({ port: 8002 });
```
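
A fail-closed form of the gating described in the post above, as an added example that is not the poster's or Bedrock's own code. It assumes, as the post reports, that Bedrock.verifyAuth leaves its verdict in ctx.state.authSuccess and lets the request continue; requireAuth, GuardContext and simulate are hypothetical names.

```typescript
// Added example, not Bedrock's or the poster's code.
// Assumption: an earlier middleware (Bedrock.verifyAuth in the post) stores its
// verdict in ctx.state.authSuccess and then calls next() whatever the verdict is.

// Structural stand-in for the parts of an Oak Context that the guard touches.
type GuardContext = {
  state: Record<string, unknown>;
  response: { status?: number; body?: unknown };
};
type Next = () => Promise<unknown>;

// Hypothetical helper: stops the chain unless authSuccess is exactly `true`.
// A missing flag, or a truthy non-boolean such as the string "false", is denied.
function requireAuth(ctx: GuardContext, next: Next): Promise<unknown> {
  if (ctx.state.authSuccess !== true) {
    ctx.response.status = 401; // not 200: clients and proxies see a failure
    ctx.response.body = "Not authenticated";
    return Promise.resolve(); // next() is not called, so the handler never runs
  }
  return next();
}

// Constructed harness: runs the guard in front of a stand-in /secret handler
// and reports what a client would receive and whether the handler executed.
function simulate(state: Record<string, unknown>) {
  const ctx: GuardContext = { state, response: {} };
  let handlerRan = false;
  const secretHandler: Next = () => {
    handlerRan = true;
    ctx.response.status = 200;
    ctx.response.body = "Secret obtained!";
    return Promise.resolve();
  };
  requireAuth(ctx, secretHandler);
  return { status: ctx.response.status, body: ctx.response.body, handlerRan };
}

// Constructed sample states: verified, rejected, flag never set, stringly typed.
const samples: Record<string, unknown>[] = [
  { authSuccess: true },
  { authSuccess: false },
  {},
  { authSuccess: "false" },
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(simulate(s)));
}
```

In the router from the post, a guard like this would sit after Bedrock.verifyAuth on /secret, so the handler only has to cover the authenticated case.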

va1dez (Collaborator) commented May 31, 2022

Good afternoon Cameron! Thank you for the feedback - I discussed it with the team and we're all in agreement and will be implementing some changes to outline more clearly what's going on with the auth flow, but it looks like you got it figured out. I'll keep this issue open until we make the changes sometime this week and circle back for your feedback. We want to ensure our library is usable and accessible to all so anything that can make the developer experience better is of utmost importance to us.

If you have any other questions, feel free to send me an email at anthony@va1dez.com and I'll be glad to help you in any way I can!
