Using remix-auth-oauth2 to integrate with other APIs

[07am]

Hi there,

There are tutorials to make this framework log a user into a webapp via auth0, but I'm curious if it's possible to use it to collect and store the refresh_token of other services on behalf of a user so a webapp can perform actions for users.

If so, would I use the same authenticator my user used to log into my webapp, or would I call a new authenticator to perform OAuth against another service?

Context

I'm working on a personal learning project where I successfully used remix-auth-auth0 to authenticate users to my webapp, and now I'm trying to figure out how to do something basic like have the webapp pull or create Git issues.

Before I can even play with APIs for that, as I understand it, generally I would need to:

1. Create an application ID and secret from the 3P service
2. Populate the scope of permissions
3. Send a completed request to the corresponding authorize endpoint
4. Collect the access and refresh token via a callback URL.
5. Store the refresh_token and treat like a long-lived password to generate new access_tokens when needed

Thank you so much!

[timalive]

This would be useful. Storage of the refresh token,automatically cache the access token, and refresh it when it gets close to expiry!

[sergiodxa]

You decide what to store in your session, and not all Remix Auth strategies use OAuth2 and have refresh and access tokens, also not apps will need the tokens, if you only use OAuth to identify the user but not need the access token after adding that automatically will add an extra overhead for nothing.

It should be possible for someone to build a layer on top of Remix Auth that handle that part for you.

[thdk]

Since this library now relies on https://arcticjs.dev/ and builds an arctic oauth client instance under the hood, wouldn't it be possible to provide a arctic client instead of options? Or keep both to maintain backwards compatibility?

So the responsibility of the app would be to construct an arctic client instance (Github, okta, reddit, figma...) and pass it to the remix-auth-oauth2 strategy as option? Or to provide an options object and let this library create the instance of the Oauth2Client under the hood (as it is now)?

[sergiodxa]

The OAuth2Strategy accepts the options and creates the client internally, if you keep the strategy instance around instead of passing it directly to the Authenticator there's now a method to refresh and revoke tokens.