// routes/fanfare-auth.ts
import express from "express";
// Router on which the Fanfare external-auth endpoint is registered.
const router = express.Router();

// Origin of the Fanfare API; the endpoint path is appended per request.
const FANFARE_API_BASE_URL = "https://api.fanfare.io";

// Organization id and secret key are read from the environment once, at module load.
// The non-null assertions only satisfy the type checker: if either variable is unset,
// the value is `undefined` at runtime. The secret key is a server-side credential and
// must never be exposed to client code or written to logs.
const FANFARE_ORG_ID = process.env["FANFARE_ORG_ID"]!;
const FANFARE_SECRET_KEY = process.env["FANFARE_SECRET_KEY"]!;
/**
 * JSON body sent to Fanfare's `/auth/external/authorize` endpoint.
 *
 * It is an identity assertion made by this server on behalf of a user, so every
 * field should be filled from server-side session data rather than from values
 * supplied in the incoming request.
 */
interface ExternalAuthPayload {
  /** Unique identifier for the calling platform. */
  provider: string;
  /** Domain of the system that authenticated the user. */
  issuer: string;
  /** The user's unique id in the calling system. */
  subject: string;
  /** Optional additional user attributes forwarded to Fanfare. */
  claims?: Record<string, unknown>;
}
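/**
 * POST /api/fanfare/authorize
 *
 * Asks Fanfare for an exchange code on behalf of the already-authenticated
 * caller and returns `{ exchangeCode, expiresAt }` to the client.
 *
 * Responses:
 *  - 401 `{ error: "Unauthorized" }` when no authenticated user is on the request.
 *  - 500 `{ error: "Authentication failed" }` when Fanfare rejects the request or
 *    answers without an exchange code.
 *  - 500 `{ error: "Internal server error" }` on missing configuration or any
 *    unexpected exception.
 *
 * The secret key is only ever sent server-to-server; nothing from the Fanfare
 * error body is echoed back to the client.
 */
router.post("/authorize", async (req, res) => {
  try {
    // 1. Verify the user is authenticated in YOUR system
    const user = req.user; // From your auth middleware
    if (!user) {
      return res.status(401).json({ error: "Unauthorized" });
    }

    // Fail closed if credentials are missing. The non-null assertions on the
    // constants do not check anything at runtime, and an unset variable would
    // otherwise be sent to Fanfare as a header value. Checked after the auth
    // gate so unauthenticated callers learn nothing about server configuration.
    if (!FANFARE_ORG_ID || !FANFARE_SECRET_KEY) {
      console.error("Fanfare auth error: FANFARE_ORG_ID or FANFARE_SECRET_KEY is not set");
      return res.status(500).json({ error: "Internal server error" });
    }

    // 2. Create external auth payload
    // Every field comes from the server-side `user` object, never from the
    // request body: the client must not be able to choose whose identity is
    // asserted to Fanfare.
    const payload: ExternalAuthPayload = {
      provider: "your-platform", // Unique identifier for your platform
      issuer: "https://your-domain.com", // Your domain
      subject: user.id, // User's unique ID in your system
      claims: {
        // These values leave your system; forward only what is actually needed.
        email: user.email,
        name: user.name,
        // Add any other relevant user data
        tier: user.subscriptionTier,
        createdAt: user.createdAt,
      },
    };

    // 3. Request exchange code from Fanfare
    // NOTE(review): this call has no timeout, so a stalled upstream keeps the
    // request open; consider passing an AbortSignal.
    const response = await fetch(`${FANFARE_API_BASE_URL}/auth/external/authorize`, {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        "X-Organization-Id": FANFARE_ORG_ID,
        "X-Secret-Key": FANFARE_SECRET_KEY, // Server-side only!
      },
      body: JSON.stringify(payload),
    });

    if (!response.ok) {
      // The error body may not be JSON (for example a gateway error page), so it
      // is read as text. It is logged server-side only and never sent to the client.
      const detail = await response.text().catch(() => "<unreadable body>");
      console.error("Fanfare auth error:", response.status, detail);
      return res.status(500).json({ error: "Authentication failed" });
    }

    // Treat the upstream body as untrusted until it is shown to carry a code.
    const data: unknown = await response.json();
    const { exchangeCode, expiresAt } = (data ?? {}) as {
      exchangeCode?: unknown;
      expiresAt?: unknown;
    };
    if (exchangeCode == null || exchangeCode === "") {
      console.error("Fanfare auth error: response did not contain an exchange code");
      return res.status(500).json({ error: "Authentication failed" });
    }

    // 4. Return exchange code to client
    // The code expires in 60 seconds
    // It is a short-lived credential, so it should not be stored by caches.
    res.set("Cache-Control", "no-store");
    res.json({ exchangeCode, expiresAt });
  } catch (error) {
    console.error("External auth error:", error);
    res.status(500).json({ error: "Internal server error" });
  }
});

export default router;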