feat: added twitch as supported oauth provider (#5)

* feat: added twitch as supported oauth provider

* chore: improvements

---------

Co-authored-by: Sébastien Chopin <[email protected]>

Author: ahmedrangel

README.md

@@ -149,6 +149,7 @@ Supported providers:
 - GitHub
 - Spotify
 - Google
+- Twitch
 
 You can add your favorite provider by creating a new file in [src/runtime/server/lib/oauth/](./src/runtime/server/lib/oauth/).
 
@@ -158,6 +159,9 @@ Example: `~/server/routes/auth/github.get.ts`
 
 ```ts
 export default oauth.githubEventHandler({
+  config: {
+    emailRequired: true
+  },
   async onSuccess(event, { user, tokens }) {
     await setUserSession(event, {
       user: {

playground/.env.example

@@ -8,3 +8,6 @@ NUXT_OAUTH_SPOTIFY_CLIENT_SECRET=
 # Google OAuth
 NUXT_OAUTH_GOOGLE_CLIENT_ID=
 NUXT_OAUTH_GOOGLE_CLIENT_SECRET=
+# Twitch OAuth
+NUXT_OAUTH_TWITCH_CLIENT_ID=
+NUXT_OAUTH_TWITCH_CLIENT_SECRET=

playground/app.vue

@@ -43,6 +43,16 @@ const { loggedIn, session, clear } = useUserSession()
       >
         Logout
       </UButton>
+      <UButton
+        v-if="!loggedIn || !session.user.twitch"
+        to="/auth/twitch"
+        icon="i-simple-icons-twitch"
+        external
+        color="gray"
+        size="xs"
+      >
+        Login with Twitch
+      </UButton>
     </template>
   </UHeader>
   <UMain>

playground/auth.d.ts

@@ -1,10 +1,11 @@
 declare module '#auth-utils' {
   interface UserSession {
     user: {
-      spotify?: any;
-      github?: any;
-      google?: any;
-    };
-    loggedInAt: number;
+      spotify?: any
+      github?: any
+      google?: any
+      twitch?: any
+    }
+    loggedInAt: number
   }
 }

playground/pages/index.vue

@@ -1,7 +1,9 @@
-<script setup>
+<script setup lang="ts">
 const { session } = useUserSession()
 </script>
 
 <template>
-  <pre>{{ session }}</pre>
+  <UPageBody>
+    <pre>{{ session }}</pre>
+  </UPageBody>
 </template>

playground/server/routes/auth/twitch.get.ts

@@ -0,0 +1,15 @@
+export default oauth.twitchEventHandler({
+  config: {
+    emailRequired: true,
+  },
+  async onSuccess(event, { user }) {
+    await setUserSession(event, {
+      user: {
+        twitch: user,
+      },
+      loggedInAt: Date.now()
+    })
+
+    return sendRedirect(event, '/')
+  }
+})

src/module.ts

@@ -79,10 +79,15 @@ export default defineNuxtModule<ModuleOptions>({
       clientId: '',
       clientSecret: ''
     })
-
+    // Google Oauth
     runtimeConfig.oauth.google = defu(runtimeConfig.oauth.google, {
       clientId: '',
       clientSecret: ''
     })
+    // Twitch Oauth
+    runtimeConfig.oauth.twitch = defu(runtimeConfig.oauth.twitch, {
+      clientId: '',
+      clientSecret: ''
+    })
   }
 })

src/runtime/server/lib/oauth/twitch.ts

@@ -0,0 +1,143 @@
+import type { H3Event, H3Error } from 'h3'
+import { eventHandler, createError, getQuery, getRequestURL, sendRedirect } from 'h3'
+import { withQuery, parsePath } from 'ufo'
+import { ofetch } from 'ofetch'
+import { defu } from 'defu'
+import { useRuntimeConfig } from '#imports'
+
+export interface OAuthTwitchConfig {
+  /**
+   * Twitch Client ID
+   * @default process.env.NUXT_OAUTH_TWITCH_CLIENT_ID
+   */
+  clientId?: string
+
+   /**
+   * Twitch OAuth Client Secret
+   * @default process.env.NUXT_OAUTH_TWITCH_CLIENT_SECRET
+   */
+   clientSecret?: string
+
+  /**
+   * Twitch OAuth Scope
+   * @default []
+   * @see https://dev.twitch.tv/docs/authentication/scopes
+   * @example ['user:read:email']
+   */
+  scope?: string[]
+
+  /**
+   * Require email from user, adds the ['user:read:email'] scope if not present
+   * @default false
+   */
+  emailRequired?: boolean
+
+  /**
+   * Twitch OAuth Authorization URL
+   * @default 'https://id.twitch.tv/oauth2/authorize'
+   */
+  authorizationURL?: string
+
+  /**
+   * Twitch OAuth Token URL
+   * @default 'https://id.twitch.tv/oauth2/token'
+   */
+  tokenURL?: string
+}
+
+interface OAuthConfig {
+  config?: OAuthTwitchConfig
+  onSuccess: (event: H3Event, result: { user: any, tokens: any }) => Promise<void> | void
+  onError?: (event: H3Event, error: H3Error) => Promise<void> | void
+}
+
+export function twitchEventHandler({ config, onSuccess, onError }: OAuthConfig) {
+  return eventHandler(async (event: H3Event) => {
+    // @ts-ignore
+    config = defu(config, useRuntimeConfig(event).oauth?.twitch, {
+      authorizationURL: 'https://id.twitch.tv/oauth2/authorize',
+      tokenURL: 'https://id.twitch.tv/oauth2/token'
+    }) as OAuthTwitchConfig
+    const { code } = getQuery(event)
+
+    if (!config.clientId) {
+      const error = createError({
+        statusCode: 500,
+        message: 'Missing NUXT_OAUTH_TWITCH_CLIENT_ID env variables.'
+      })
+      if (!onError) throw error
+      return onError(event, error)
+    }
+
+    const redirectUrl = getRequestURL(event).href
+    if (!code) {
+      config.scope = config.scope || []
+      if (config.emailRequired && !config.scope.includes('user:read:email')) {
+        config.scope.push('user:read:email')
+      }
+      // Redirect to Twitch Oauth page
+      return sendRedirect(
+        event,
+        withQuery(config.authorizationURL as string, {
+          response_type: 'code',
+          client_id: config.clientId,
+          redirect_uri: redirectUrl,
+          scope: config.scope.join('%20')
+        })
+      )
+    }
+
+    const tokens: any = await ofetch(
+      config.tokenURL as string,
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded'
+        },
+        params: {
+          grant_type: 'authorization_code',
+          redirect_uri: parsePath(redirectUrl).pathname,
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          code
+        }
+      }
+    ).catch(error => {
+      return { error }
+    })
+    if (tokens.error) {
+      const error = createError({
+        statusCode: 401,
+        message: `Twitch login failed: ${tokens.error?.data?.error_description || 'Unknown error'}`,
+        data: tokens
+      })
+      if (!onError) throw error
+      return onError(event, error)
+    }
+
+    const accessToken = tokens.access_token
+    const users: any = await ofetch('https://api.twitch.tv/helix/users', {
+      headers: {
+        'Client-ID': config.clientId,
+        Authorization: `Bearer ${accessToken}`
+      }
+    })
+
+    const user = users.data?.[0]
+
+    if (!user) {
+      const error = createError({
+        statusCode: 500,
+        message: 'Could not get Twitch user',
+        data: tokens
+      })
+      if (!onError) throw error
+      return onError(event, error)
+    }
+
+    return onSuccess(event, {
+      tokens,
+      user
+    })
+  })
+}

src/runtime/server/utils/oauth.ts

@@ -1,9 +1,11 @@
 import { githubEventHandler } from '../lib/oauth/github'
 import { googleEventHandler } from '../lib/oauth/google'
 import { spotifyEventHandler } from '../lib/oauth/spotify'
+import { twitchEventHandler } from '../lib/oauth/twitch'
 
 export const oauth = {
   githubEventHandler,
   spotifyEventHandler,
-  googleEventHandler
+  googleEventHandler,
+  twitchEventHandler,
 }