Next-auth: Twitter accessTokenSecret

Hi there, yes (I think; I have not checked but it should work…).

The second parameter passed to the insert()function in next-auth.functions.js returns the full, raw profile object as returned by whatever oAuth service you are using - so if it is returned by the service you should be able to see it there.

````javascript
insert: (user, oAuthProfile) => {
return new Promise((resolve, reject) => {
usersCollection.insert(user, (err, response) => {
if (err) return reject(err)

  // Mongo Client automatically adds an id to an inserted object, but 
  // if using a work-a-like we may need to add it from the response.
  if (!user._id && response._id) user._id = response._id

  return resolve(user)
})

})
}
````

Note: The insert() method is called only on account creation, I don't think the update() method also gets the raw profile from the oAuth provider as an option.

It's like this because APIs like Google normally only provide things like Refresh Tokens and other things you might want to capture on first login, but if if you have users with accounts already and want to capture them with update() I'm happy to add oAuthProfile as an additional parameter to update() too.

(This is a useful enquiry for the next update, thank you.)

Thanks. Turns out that the refreshToken is the Twitter accessTokenSecret.

Thanks for leaving a comment for others!

This inconsistency between oAuth APIs (because the standard isn't explicit) is such a huge pain and endless confusion (and almost impossible to remember and track over time).

I might document the different names for properties in popular services in a table in the README (e.g. client/secret/key/access token/etc) so it's clearer.