magic-link-support.js

const express = require('express');
const jwt = require('jsonwebtoken');
const { OktaAuth, AuthenticatorKey } = require('@okta/okta-auth-js');

const myMemoryStore = {};
const storageProvider = {
  getItem: function (key) {
    return myMemoryStore[key];
  },
  setItem: function (key, val) {
    myMemoryStore[key] = val;
  },
  removeItem: function (key) {
    delete myMemoryStore[key];
  }
}

const { CLIENT_ID, LOGIN_URL } = process.env;

const authClient = new OktaAuth({
  issuer: `${LOGIN_URL}/oauth2/default`,
  clientId: CLIENT_ID,
  redirectUri: 'http://localhost:3000/magic-link/callback',
  storageManager: {
    token: {
      storageProvider,
    },
    transaction: {
      storageProvider,
    }
  }
});

const htmlRouter = express.Router();

htmlRouter.get('/magic-link/email-input', (req, res) => {
  res.sendFile(__dirname + '/html/email-input.html');
});

htmlRouter.get('/magic-link/code-input', (req, res) => {
  res.sendFile(__dirname + '/html/code-input.html');
});

htmlRouter.get('/magic-link/complete', (req, res) => {
  res.sendFile(__dirname + '/html/magic-link-complete.html');
});

const apiRouter = express.Router();

// Callback URL that validates the magic link and gets and displays token info
apiRouter.get('/magic-link/callback', async (req, res) => {
  const search = `?${new URLSearchParams(req.query).toString()}`;
  const transaction = await authClient.idx.handleEmailVerifyCallback(search);
  if (!transaction || transaction.status !== 'SUCCESS') {
    return res.status(400).json({
      error: true,
      query: req.query,
      transactionStatus: transaction?.status || 'no transaction',
    });
  }
  const { accessToken } = transaction.tokens.accessToken;
  const { refreshToken } = transaction.tokens.refreshToken;
  const tokenPayload = jwt.decode(accessToken);
  const queryParams = {
    accessToken,
    refreshToken,
    userId: tokenPayload.virtru_user_id,
    sessionId: tokenPayload.virtru_session_id,
  };
  const query = new URLSearchParams(queryParams).toString();
  return res.redirect(`/magic-link/complete?${query}`);
});

// Request the verification email for the givne email address in the query
apiRouter.get('/magic-link/start', async (req, res) => {
  const { email } = req.query;
  if (!email) {
    return res.status(400).json({ error: 'must provide email query param' });
  }
  console.log('Sending verification email to', email);
  await authClient.idx.clearTransactionMeta();
  const transaction = await authClient.idx.authenticate({
    username: email,
    authenticator: AuthenticatorKey.OKTA_EMAIL,
    methodType: 'email',
    scopes: [
      'openid',
      'email',
      'profile',
      'offline_access'
    ]
  });
  const { state } = transaction.meta;

  if (transaction.nextStep.name !== 'challenge-authenticator') {
    console.error('got unexpected next step:', transaction.nextStep.name);
  } else {
    console.log('Good state for user.', transaction.nextStep.name);
  }
  return res.redirect(`/magic-link/code-input?state=${state}`);
});


const app = express();

app.get('/', (_, res) => res.redirect('/magic-link/email-input'));
app.use('/api', apiRouter);
app.use('/', htmlRouter);

app.listen(3000, () => console.log('Example app listening on port 3000!'));