javascript - Jawbone API OAuth access_token handling with node.js (express & passport) -

has navigated jawbone's oauth2.0 authentication rest api?

i unable figure out how access , send authorization_code in order obtain access_token (steps 4 & 5 in jawbone api authorization documentation). want reuse access_token subsequent (ajax-style) calls , avoid asking user reauthorize each time.

each call of api (get.sleeps) requires full round trip of auth process including reauthorization authorization_token (screen shot). both jawbone , passport documentation vague on point.

my stack involves, node.js, jawbone-up npm, express.js , passport.js. passport strategy jawbone appears work correctly valid data back.

the jawbone-up npm explicitly not maintain session (access_token), saying "this library not assist in getting access_token through oauth..."

question: how use oauth access_token in api call? can show me code this?

thanks

var dotenv = require('dotenv').load(),     express = require('express'),     app = express(),     ejs = require('ejs'),     https = require('https'),     fs = require('fs'),     bodyparser = require('body-parser'),     passport = require('passport'),     jawbonestrategy = require('passport-oauth').oauth2strategy,     port = 5000,     jawboneauth = {        clientid: process.env.jawbone_client_id,        clientsecret: process.env.jawbone_client_secret,        authorizationurl: process.env.jawbone_auth_url,        tokenurl: process.env.jawbone_auth_token_url,        callbackurl: process.env.jawbone_callback_url      },     ssloptions = {         key: fs.readfilesync('./server.key'),         cert: fs.readfilesync('./server.crt')     };     app.use(bodyparser.json());     app.use(express.static(__dirname + '/public'));     app.set('view engine', 'ejs');     app.set('views', __dirname + '/views');  // ----- passport set ----- // app.use(passport.initialize());  app.get('/',      passport.authorize('jawbone', {         scope: ['basic_read','sleep_read'],         failureredirect: '/'     }) );  app.get('/done',     passport.authorize('jawbone', {         scope: ['basic_read','sleep_read'],         failureredirect: '/'     }), function(req, res) {         res.render('userdata', req.account);     } );  passport.use('jawbone', new jawbonestrategy({     clientid: jawboneauth.clientid,     clientsecret: jawboneauth.clientsecret,     authorizationurl: jawboneauth.authorizationurl,     tokenurl: jawboneauth.tokenurl,     callbackurl: jawboneauth.callbackurl }, function(token, refreshtoken, profile, done) {     var options = {             access_token: token,             client_id: jawboneauth.clientid,             client_secret: jawboneauth.clientsecret         },         = require('jawbone-up')(options);      up.sleeps.get({}, function(err, body) {         if (err) {             console.log('error receiving jawbone data');         } else {         var jawbonedata = json.parse(body).data;         console.log(jawbonedata);         return done(null, jawbonedata, console.log('jawbone data ready displayed.'));         }     }); })); // https var secureserver = https.createserver(ssloptions, app).listen(port, function(){     console.log('up server listening on ' + port); }); 

you weren't far off, getting token. make code work few steps needed:

add concept of "session", data exists request request global variable. when full web app use express-sessions , passport-sessions , implement user management. add global single user state.

var demosession = {     accesstoken: '',     refreshtoken: '' }; 

pass in user object in done() of jawbonestrategy. because "authorize" feature of passport expecting user exist in session. attaches authorize results user. since testing api pass in empty user.

// setup passport jawbone authorization strategy passport.use('jawbone', new jawbonestrategy({     clientid: jawboneauth.clientid,     clientsecret: jawboneauth.clientsecret,     authorizationurl: jawboneauth.authorizationurl,     tokenurl: jawboneauth.tokenurl,     callbackurl: jawboneauth.callbackurl }, function(accesstoken, refreshtoken, profile, done) {     // got access token, store in our temp session     demosession.accesstoken = accesstoken;     demosession.refreshtoken = refreshtoken;     var user = {}; // <-- need empty user     done(null, user);     console.dir(demosession); })); 

use special page show data "/data". add route separate auth display of service.

app.get('/done', passport.authorize('jawbone', {         scope: ['basic_read','sleep_read'],         failureredirect: '/'     }), function(req, res) {         res.redirect('/data');     } ); 

lastly jawbone sleeps api little tricky. have add yyyymmdd string request:

app.get('/data', function(req, res) {      var options = {         access_token: demosession.accesstoken,         client_id: jawboneauth.clientid,         client_secret: jawboneauth.clientsecret     };     var = require('jawbone-up')(options);      // need add date or sleep call fails     var yyyymmdd = (new date()).toisostring().slice(0, 10).replace(/-/g, "");     console.log('getting sleep day ' + yyyymmdd);      up.sleeps.get({date:yyyymmdd}, function(err, body) {         if (err) {             console.log('error receiving jawbone data');         } else {             try {                 var result = json.parse(body);                 console.log(result);                 res.render('userdata', {                     requesttime: result.meta.time,                     jawbonedata: json.stringify(result.data)                 });             }             catch(err) {                 res.render('userdata', {                     requesttime: 0,                     jawbonedata: 'unknown result'                 });             }          }     }); }); 

i have created gist works me here thats based on code: https://gist.github.com/longplay/65056061b68f730f1421