Exposed verify token. Fixes #43.

[YourDeveloperFriend]

No description provided.

[dougwilson]

Please add some tests and documentation :)

[YourDeveloperFriend]

Please add some tests and documentation :)

Done!

[dougwilson]

The .only disabled all other tests. Please just use describe.

[YourDeveloperFriend]

My bad, I had that in there for my own tests. I'll remove it.

[dougwilson]

Thanks, looking good! The tests are failing in Node.js 0.12 and up, it looks like. Seems like just an issue in the tests themselves, I would guess.

[YourDeveloperFriend]

Awesome, I'll take a look at it in 0.12 and see if I can find out what's going on.

[camacho]

@YourDeveloperFriend @dougwilson Any update on the status of this PR? Tests seem to be passing and code approved - would be great to have access to this functionality without having to use a forked version. Happy to contribute if there's more work to be done.

[dougwilson]

Hi @camacho , sorry, I didn't realize the issue was addressed, as there was no follow-up comment after "I'll take a look" and GitHub provides no notifications for when new commits are pushed to a PR, so it completely dropped off my radar.

[camacho]

no worries @dougwilson - is there anything additional that needs to be done with this PR?

[mindvox]

This would be great to get implemented.. would be nice to base64 encode/decode or encrypt tokens during use.

[JustinLivi]

Is there anything I could do to help move this along? I was about to fork myself to build this exact feature. I would very much prefer to be able to use the upstream library.

[alvarotrigo]

It was never merged?

[YourDeveloperFriend]

AFAIK there's nothing on my end that needs to happen. Please let me know if there's something that's missing from my PR.

[iofluxdev1]

How about getting this merged in. It has been 2 years...

[davidjb]

👍 For this feature. My use case is the same as #43 in that I'm validating state within an OAuth callback.

[jamesfiltness]

👍 for this. I also want to use csurf to validate state in an OAuth context.

[jamesfiltness]

For anyone needing csurf in the context of an OAuth callback you can use the following as a middleware:

const csrfProtection = csrf({
  value: function(req) {
    // grab the csrf token from the query param
    return req.query.state;
  },
  // by default csurf ignores GET requests
  ignoreMethods: ['HEAD', 'OPTIONS'],
});

router.get('/', csrfProtection, require('./kloudless-oauth-callback'));