UNPKG

@indiekit/endpoint-auth

Version:

IndieAuth authentication and authorization endpoint for Indiekit. Grants and verifies access tokens and authenticates users.

getindiekit.com

getindiekit/indiekit

30 lines (26 loc) 907 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
import { signToken } from "../token.js"; export const tokenController = { /** * Authorization code request * * Redeem verified authorization code for an access token. * @type {import("express").RequestHandler} * @see {@link https://indieauth.spec.indieweb.org/#redeeming-the-authorization-code} * @see {@link https://indieauth.spec.indieweb.org/#access-token-response} */ post(request, response) { const { me, scope } = request.verifiedToken; const tokenData = { me, ...(scope && { scope }) }; const accessToken = { access_token: signToken(tokenData, "90d"), token_type: "Bearer", ...tokenData, }; if (request.accepts("application/json")) { response.json(accessToken); } else { response.set("content-type", "application/x-www-form-urlencoded"); response.send(new URLSearchParams(accessToken).toString()); } }, };