UNPKG

remix-auth-github

Version:

A strategy to implement login with GitHub in Remix Auth.

github.com/sergiodxa/remix-auth-github

sergiodxa/remix-auth-github

150 lines (110 loc) 4.96 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# GitHubStrategy A Remix Auth's strategy for GitHub Apps and OAuth Apps ## Supported runtimes | Runtime | Has Support | | ---------- | ----------- | | Node.js | | | Cloudflare | | ## How to use ### Installation ```bash npm add remix-auth remix-auth-github ``` ### Create an OAuth application Follow the steps on [the GitHub documentation](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app) to create a new application and get a client ID and secret. ### Usage You can use this strategy by adding it to your authenticator instance and configuring the correct endpoints. ```ts export let authenticator = new Authenticator<User>(); authenticator.use( new GitHubStrategy( { clientId: CLIENT_ID, clientSecret: CLIENT_SECRET, redirectURI: "https://example.app/auth/callback", scopes: ["user:email"], // optional }, async ({ tokens, request }) => { // here you can use the params above to get the user and return it // what you do inside this and how you find the user is up to you return await getUser(tokens, request); } ), // this is optional, but if you setup more than one GitHub instance you will // need to set a custom name to each one, by default is "github" "provider-name" ); ``` Then you will need to setup your routes, for the OAuth2 flows you will need to call the `authenticate` method twice. First, you will call the `authenticate` method with the provider name you set in the authenticator. ```ts export async function action({ request }: Route.ActionArgs) { await authenticator.authenticate("provider-name", request); } ``` > [!NOTE] > This route can be an `action` or a `loader`, it depends if you trigger the flow doing a POST or GET request. This will start the OAuth2 flow and redirect the user to the provider's login page. Once the user logs in and authorizes your application, the provider will redirect the user back to your application redirect URI. You will now need a route on that URI to handle the callback from the provider. ```ts export async function loader({ request }: Route.LoaderArgs) { let user = await authenticator.authenticate("provider-name", request); // now you have the user object with the data you returned in the verify function } ``` > [!NOTE] > This route must be a `loader` as the redirect will trigger a `GET` request. Once you have the `user` object returned by your strategy verify function, you can do whatever you want with that information. This can be storing the user in a session, creating a new user in your database, link the account to an existing user in your database, etc. ### Using the Refresh Token The strategy exposes a public `refreshToken` method that you can use to refresh the access token. ```ts let strategy = new GitHubStrategy<User>(options, verify); let tokens = await strategy.refreshToken(refreshToken); ``` The refresh token is part of the `tokens` object the verify function receives. How you store it to call `strategy.refreshToken` and what you do with the `tokens` object after it is up to you. The most common approach would be to store the refresh token in the user data and then update the session after refreshing the token. ```ts authenticator.use( new GitHubStrategy<User>( options, async ({ tokens, request }) => { let user = await getUser(tokens, request); return { ...user, accessToken: tokens.accessToken() refreshToken: tokens.hasRefreshToken() ? tokens.refreshToken() : null, } } ) ); // later in your code you can use it to get new tokens object let tokens = await strategy.refreshToken(user.refreshToken); ``` ### Get user profile Once you have the OAuth2 tokens object, you can use the access token to get the [user profile from GitHub's API](https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-the-authenticated-user). ```ts let response = await fetch("https://api.github.com/user", { headers: { Accept: "application/vnd.github+json", Authorization: `Bearer ${tokens.accessToken()}`, "X-GitHub-Api-Version": "2022-11-28", }, }); let user = await response.json(); // Somehow parse the user object to ensure it has the correct shape ``` ### Get user email Similarly, you can use the access token to get the [user's email from GitHub's API](https://docs.github.com/en/rest/users/emails?apiVersion=2022-11-28#list-email-addresses-for-the-authenticated-user). > [!IMPORTANT] > You will need to request the `user:email` scope when authenticating the user. ```ts let response = await fetch("https://api.github.com/user/emails", { headers: { Accept: "application/vnd.github+json", Authorization: `Bearer ${tokens.accessToken()}`, "X-GitHub-Api-Version": "2022-11-28", }, }); let emails = await response.json(); // Somehow parse the emails object to ensure it has the correct shape ```