Arctic

Naver

OAuth 2.0 provider for Naver.

Also see the OAuth 2.0 guide.

Initialization

import { Naver } from "arctic";

const naver = new Naver(clientId, clientSecret, redirectURI);

Create authorization URL

const url = naver.createAuthorizationURL();

Validate authorization code

validateAuthorizationCode() will either return an OAuth2Tokens, or throw one of OAuth2RequestError, ArcticFetchError, or a standard Error (parse errors). Naver returns an access token and a refresh token.

import { OAuth2RequestError, ArcticFetchError } from "arctic";

try {
	const tokens = await naver.validateAuthorizationCode(code);

	const accessToken = tokens.accessToken();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
		const code = e.code;
		// ...
	}
	if (e instanceof ArcticFetchError) {
		// Failed to call `fetch()`
		const cause = e.cause;
		// ...
	}
	// Parse error
}

It also returns the access token expiration, but does so in a non-RFC compliant manner. This is a known issue with Naver.

const tokens = await bungie.validateAuthorizationCode(code);
// Should be returned as a number per RFC 6749, but returns it as a string.
if ("expires_in" in tokens.data && typeof tokens.data.expires_in === "string") {
	const accessTokenExpiresIn = Number(tokens.data.expires_in);
}

Refresh access tokens

Use refreshAccessToken() to get a new access token using a refresh token. Naver returns the same values as during the authorization code validation, including the access token expiration which needs to be manually parsed out. This method also returns OAuth2Tokens and throws the same errors as validateAuthorizationCode()

import { OAuth2RequestError, ArcticFetchError } from "arctic";

try {
	const tokens = await naver.refreshAccessToken(refreshToken);
	const accessToken = tokens.accessToken();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
	}
	if (e instanceof ArcticFetchError) {
		// Failed to call `fetch()`
	}
	// Parse error
}

Get user profile

Use the /v1/nid/me endpoint.

const response = await fetch("https://openapi.naver.com/v1/nid/me", {
	headers: {
		Authorization: `Bearer ${accessToken}`
	}
});
const user = await response.json();