Polar
OAuth 2.0 authorization code provider for Polar. Only supports confidential clients.
Also see OAuth 2.0 with PKCE.
Initialization
import { Polar } from "arctic";
const polar = new Polar(clientId, clientSecret, redirectURI);
Create authorization URL
import { generateState, generateCodeVerifier } from "arctic";
const state = generateState();
const codeVerifier = generateCodeVerifier();
const scopes = ["openid", "profile"];
const url = polar.createAuthorizationURL(state, codeVerifier, scopes);
Validate authorization code
validateAuthorizationCode()
will either return an OAuth2Tokens
, or throw one of OAuth2RequestError
, ArcticFetchError
, or a standard Error
(parse errors). Polar returns an access token, its expiration, and a refresh token.
import { OAuth2RequestError, ArcticFetchError } from "arctic";
try {
const tokens = await polar.validateAuthorizationCode(code, codeVerifier);
const accessToken = tokens.accessToken();
const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
} catch (e) {
if (e instanceof OAuth2RequestError) {
// Invalid authorization code, credentials, or redirect URI
const code = e.code;
// ...
}
if (e instanceof ArcticFetchError) {
// Failed to call `fetch()`
const cause = e.cause;
// ...
}
// Parse error
}
OpenID Connect
Use OpenID Connect with the openid
scope to get the user's profile with an ID token or the userinfo
endpoint. Arctic provides decodeIdToken()
for decoding the token's payload.
const scopes = ["openid"];
const url = polar.createAuthorizationURL(state, codeVerifier, scopes);
import { decodeIdToken } from "arctic";
const tokens = await polar.validateAuthorizationCode(code, codeVerifier);
const idToken = tokens.idToken();
const claims = decodeIdToken(idToken);
const response = await fetch("https://docs.polar.sh/api/v1/oauth2/userinfo", {
headers: {
Authorization: `Bearer ${accessToken}`
}
});
const user = await response.json();
Get user profile
Make sure to add the profile
scope to get the user profile and the email
scope to get the user email.
const scopes = ["openid", "profile", "email"];
const url = polar.createAuthorizationURL(state, codeVerifier, scopes);
Refresh tokens
Use refreshAccessToken()
to get a new access token using a refresh token. This method's behavior is identical to validateAuthorizationCode()
.
import { OAuth2RequestError, ArcticFetchError } from "arctic";
try {
const tokens = await polar.refreshAccessToken(accessToken);
const accessToken = tokens.accessToken();
const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
} catch (e) {
if (e instanceof OAuth2RequestError) {
// Invalid authorization code, credentials, or redirect URI
}
if (e instanceof ArcticFetchError) {
// Failed to call `fetch()`
}
// Parse error
}
Revoke tokens
Revoke tokens with revokeToken()
. This can throw the same errors as validateAuthorizationCode()
.
try {
await polar.revokeToken(token);
} catch (e) {
if (e instanceof OAuth2RequestError) {
// Invalid authorization code, credentials, or redirect URI
}
if (e instanceof ArcticFetchError) {
// Failed to call `fetch()`
}
// Parse error
}