Get access token from AuthSession

How to / Third Party Tooling
1

I’ve been following the authentication example in the AuthSession guide. At the end of that flow, I’m left with just the code param. Meaning, the authentication key of the AuthSessionResult object is not defined. I’m assuming that authentication key is what I should use to identify the user on my end, and not the code key, correct?

If that’s the case, I’m assuming I should use AuthSession.exchangeCodeAsync to turn that code into an access token. Is there a reason it is not mentioned in the guide? I’m just wondering if I’m going in the wrong direction.

When I do use exchangeCodeAsync, the screen flashes white and turns blank. I pasted the (edited) code below. Any pointers?

export const SlackAuthentication = () => {
  const [accessToken, setAccessToken] = React.useState('');
  const redirectUri = makeRedirectUri({ useProxy: true });
  const [request, response, promptAsync] = useAuthRequest({
      clientId: '…',
      scopes: ['emoji:read'],
      redirectUri: redirectUri 
  }, slackDiscovery );


  React.useEffect(() => {
    if (response?.type === 'success') {
      const { code } = response.params;
      exchangeCodeAsync({
        clientId: '…',
        clientSecret: '…',
        code,
        redirectUri
      }, slackDiscovery)
      .then((token) => {
        setAccessToken(token);
      }).catch((exchangeError) => {
        console.log(exchangeError);
      });
    }
  }, [response]);

  return (
    <View>
      <Button
        disabled={!request}
        title="Authenticate with Slack"
        onPress={() => {
          promptAsync({ useProxy: true, redirectUri })
        }}
      />
      <Text>Redirect URI: {redirectUri}</Text>
      <Text>Auth Response: {JSON.stringify({response})}</Text>
      <Text>Access Token: {accessToken}</Text>
    </View>
  );
}
2

Any thoughts or pointers on this question?

3

I don’t see anything necessarily wrong with your call to exchangeCodeAsync. I think you possibly need to use await when you call it. Look at the Strava example.

const { accessToken } = await AuthSession.exchangeCodeAsync(
  {
    clientId: request?.clientId,
    redirectUri,
    code: result.params.code,
    extraParams: {
      // You must use the extraParams variation of clientSecret.
      // Never store your client secret on the client.
      client_secret: 'CLIENT_SECRET',
    },
  },
  { tokenEndpoint: 'https://www.strava.com/oauth/token' }
);
4

Ah, that’s a good point. I’ll give it a try. Thank you, Jeremy!