@daniel-hayes daniel-hayes commented Dec 23, 2025

Summary

Implements OAuth 2.0 authentication with Mux, using a token-based authentication flow with automatic token refresh and session management.

Security Features

  • CSRF Protection - State parameter validation in OAuth callback
  • Token Encryption - Session cookies encrypted via iron-session
  • JWT Verification - All tokens verified against JWKS endpoint
  • Secure Cookies - httpOnly, secure (in production)
  • Inactivity Timeout - Sessions expire after 5 minutes of inactivity (we can adjust this)

Session Management

  • JWT verification for access and ID tokens
  • Automatic token refresh when approaching expiration

I decided to use iron-session for encrypting / decrypting cookies on requests. Because of this, you will need to include a secure SESSION_COOKIE_PASSWORD that is at least 32 characters long. Their docs suggest creating one here.

You will need the following .env variables to get the flow working end to end.

# OAuth Configuration
OAUTH_CLIENT_ID=<client-id>
OAUTH_CLIENT_SECRET=<client-secret>
OAUTH_REDIRECT_URI=https://videojs.com/api/auth/callback
OAUTH_URL=<mux oauth url>

# Session Encryption
SESSION_COOKIE_PASSWORD=<32-byte-key>

# Mux API
MUX_API_URL=https://api.mux.com

Check out the Login file to see how we can access this information on the front-end.

vercel bot commented Dec 23, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
vjs-10-demo-html Ready Ready Preview, Comment Dec 23, 2025 11:03pm
vjs-10-demo-next Ready Ready Preview, Comment Dec 23, 2025 11:03pm
vjs-10-demo-react Ready Ready Preview, Comment Dec 23, 2025 11:03pm
vjs-10-website Ready Ready Preview, Comment Dec 23, 2025 11:03pm
vjs-10-website (staging) Ready Ready Preview, Comment Dec 23, 2025 11:03pm

Collaborator Author

This file, as well as the Login.astro file, are meant to be examples - please feel free to update/delete any and all of this code.

@daniel-hayes daniel-hayes marked this pull request as ready for review December 23, 2025 16:51