Snyk Apps Passport OAuth2 Strategy


001.0.321 days ago24 days agoMinified + gzip package size for @snyk/passport-snyk-oauth2 in KB



Snyk's OAuth2 strategy for Passportjs to make authenticating Snyk Apps seamless.


We recently launched Snyk Apps which allows developers to create their own apps for Snyk and extend the functionality of the Snyk platform. It is available for all languages or framework of your choice. We used Node.js and TypeScript to demo the authencition flow and usage of Snyk Apps using our Snyk App Demo. In the Snyk App Demo we use Passportjs to make the authentication flow and implementation of the same easier for the user. To further extend this, we have created @snyk/passport-snyk-oauth2. This can be easily integrated with Passportjs and make your developer experience even better.



npm install @snyk/passport-snyk-oauth2
// or
yarn add @snyk/passport-snyk-oauth2

Configure Strategy

import axios from 'axios';
import passport from 'passport';
import SnykOAuth2Strategy from '@snyk/passport-snyk-oauth2';

// User can pass their own implementation of fetching the profile
// by providing the profileFunc implementation. Snyk OAuth2 strategy
// will call this function to fetch the profile associated with request
const profileFunc: ProfileFunc = function (accessToken: string) {
    return axios.get('https://api.dev.snyk.io/v1/user/me', {
      headers: { 'Content-Type': 'application/json; charset=utf-8', Authorization: `bearer ${accessToken}` },

    new SnykOAuth2Strategy(
        authorizationURL: testData.authorizationURL,
        tokenURL: testData.tokenURL,
        clientID: testData.clientID,
        clientSecret: testData.clientSecret,
        callbackURL: testData.callbackURL,
        scope: testData.scope,
        scopeSeparator: ' ',
        state: true,
        passReqToCallback: true,
        nonce: testData.nonce,
        profileFunc: fetchProfile,
      // Callback function called with the
      // data fetched as part of authentication
      async function (
        req: Request,
        access_token: string,
        refresh_token: string,
        params: Params,
        profile: any,
        done: any,
      ) {
        // Notify passport that all work, like storing
        // of data in DB has been completed
        done(null, 'Done!');

Authentication Requests

import express from 'express';
const app = express();

app.get('/auth', passport.authenticate('snyk-oauth2'));

    passport.authenticate('snyk-oauth2', {
      successRedirect: '/callback/success',
      failureRedirect: '/callback/failure',
app.get('/callback/success', (req, res) => {
    return res.send('Authenticated successfull');

app.get('/callback/failure', (req, res) => {
    return res.send('Authentication failed');

If you find any bugs or have a feature request, please open an issue on github!

The npm package download data comes from npm's download counts api and package details come from npms.io.