Alwaysblue

Reputation: 11830

Getting Access token validity

I am using Passport to authenticate users into my application.

I have created a Passport strategy for the same:

passport.use(new GoogleStrategy({
    clientID: process.env.GOOGLE_CLIENT_ID,
    clientSecret: process.env.GOOGLE_CLIENT_SECRET,
    callbackURL: process.env.GOOGLE_CALLBACK_URL,
    userProfileURL: 'https://www.googleapis.com/oauth2/v3/userinfo',
    accessType: 'offline'
  }, (accessToken, refreshToken, profile, cb) => {
    // Debug output only: a refresh token is a long-lived credential, keep it out of production logs
    console.log(refreshToken)
    let profileSort = extractProfile(profile)
    mongooeHelperFunction.findUserByEmail(profileSort.email).then(response => {
      if (!response) {
        // First login: create the user, then attach the access token
        mongooeHelperFunction.createNewUser(profileSort)
          .then(res => {
            let newRes = {...res}
            newRes["accessToken"] = accessToken
            cb(null, newRes)
          })
          // Report the failure to Passport; throwing here only causes an unhandled rejection
          .catch(error => { cb(error) })
      } else {
        let newRes = {...response}
        newRes["accessToken"] = accessToken
        cb(null, newRes)
      }
    })
    .catch(error => { cb(error) })
  }
))

(the above is very similar to passport strategy we usually create)

To get the refresh token above, I am doing this in my API route:

router.get("/google",  passport.authenticate('google', {accessType: 'offline', prompt: 'consent', scope: ['profile', 'email',  'https://mail.google.com/' ] }));

Question: This does give me an access token. How can I know when the access token will expire?

My initial goal is to get a new access token via refresh token whenever the access token is expired.

Can anyone help me achieve this?

Upvotes: 2

Views: 1072

Answers (2)

roshan092

Reputation: 151

To add to the above answer, OAuth2 JWT tokens are encoded, not encrypted, hence you can easily read the expiry time by decoding the token. There are 2 common ways to verify if the token is expired, using standard JWT libraries. I use https://www.npmjs.com/package/jsonwebtoken

Assuming you have the public key or secret, use the verify method to check if the token is expired. This throws an error if you are using an expired token.

var jwt = require('jsonwebtoken');
var token ='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpYXQiOjE1NDYzOTYxMDYsImV4cCI6MTU0NjM5NjEwN30.qFeaKny2Ruk7ZeZsHGpPcw6aksyZHUfDOmb6EvgiGIo';
var verified = jwt.verify(token, 'secret');

Decode the token using the decode method. You can get the expiry time from the exp field in the decoded object.

var jwt = require('jsonwebtoken');
var token ='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpYXQiOjE1NDYzOTYxMDYsImV4cCI6MTU0NjM5NjEwN30.qFeaKny2Ruk7ZeZsHGpPcw6aksyZHUfDOmb6EvgiGIo';
var decoded = jwt.decode(token);
console.log('Expiry timestamp----------->', decoded.exp);

Also, for testing this, make sure you set the expiry time while creating the JWT.

var jwt = require('jsonwebtoken');
var token = jwt.sign({ foo: 'bar' }, 'secret', {expiresIn: '1h'});

You can read more about JWTs here https://jwt.io/introduction/

Upvotes: 2
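
The two approaches in the answer above (decode versus verify), as an added example that is not part of the original answer. It uses only Node's built-in crypto as a stand-in for the jsonwebtoken calls, and the helper names (signHs256, readExpUnverified, verifyHs256, demo), the secret and the tokens are constructed for illustration. It shows that the exp read by decoding is not authenticated, so only the verified result should drive an accept or reject decision.

```javascript
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const parsePart = (p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Constructed HS256 signer so the example has a token to work with.
function signHs256(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// "decode": reads exp WITHOUT checking the signature; informational only.
function readExpUnverified(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const exp = parsePart(parts[1]).exp;
  return typeof exp === 'number' ? exp : null;
}

// "verify": pin the algorithm, check the signature in constant time, then exp.
function verifyHs256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  if (parsePart(head).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const payload = parsePart(body);
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) throw new Error('token expired');
  return payload;
}

// Constructed demo: a signed token, and a copy whose payload changed after signing.
function demo() {
  const now = 1700000000; // fixed clock so results are repeatable
  const good = signHs256({ foo: 'bar', iat: now, exp: now + 3600 }, 'secret');
  const [h, , s] = good.split('.');
  const altered = `${h}.${b64url(JSON.stringify({ foo: 'bar', exp: now + 999999 }))}.${s}`;
  const check = (t, at) => { try { verifyHs256(t, 'secret', at); return 'ok'; } catch (e) { return e.message; } };
  return { goodExp: readExpUnverified(good), alteredExp: readExpUnverified(altered),
    goodNow: check(good, now), goodLater: check(good, now + 3600), alteredNow: check(altered, now) };
}
console.log(demo());
```

Decoding reports an exp for both tokens, but verification rejects the altered copy before its exp is ever considered.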

Saransh Kataria

Reputation: 1497

OAuth tokens contain all the information in them in an encrypted format. They are a form of JWT tokens and you can easily decrypt your token here.

For programmatic purposes, you can parse the JWT using npm packages. One of the best implementations is by Auth0 and that should help you avoid writing manual decryption algorithms.

Upvotes: 1
