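A login action generates a session state token, stores the PKCE code verifier in Redis under that token, and redirects to OAuth sign-on. The call shown passes no expiry for the stored entry; whether one is applied elsewhere is not visible in this excerpt.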
const redis = require('nim').redis()
function login(auth0, args) {
const state = generateSessionToken()
const {code_verifier, code_challenge} = verifierAndChallenge()
return redis
.setAsync(state, code_verifier)
.then(_ => {
let url = getAuthorizationCode({
...auth0.config,
state,
code_challenge
})
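An authorization action, serving as the OAuth callback, retrieves the code verifier stored under the returned state and confirms the callback is valid: the token exchange runs only when that lookup succeeds and the callback does not report an 'unauthorized' error. The excerpt is truncated before it shows whether the state entry is deleted after use; a state value should be accepted only once.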
const redis = require('nim').redis()
function authorize(auth0, decode, args) {
const state = args.state
const authorization_code = args.code
if (state) {
return redis
.getAsync(state)
.then(code_verifier => {
if (code_verifier && args.error !== 'unauthorized') {
return getToken({
...auth0.config,
authorization_code,
code_verifier
}).then(...)