fix(oauth): correct OAuth implementation to match bunq documentation

2025-07-22 21:56:10 +00:00
parent 739e781cfb
commit 93dddf6181
7 changed files with 51 additions and 70 deletions
--- a/readme.md
+++ b/readme.md
@@ -436,17 +436,19 @@ const bunq = new BunqAccount({
  apiKey: 'your-oauth-access-token',  // OAuth token from bunq OAuth flow
  deviceName: 'OAuth App',
  environment: 'PRODUCTION',
-  isOAuthToken: true  // Important: Set this flag for OAuth tokens
+  isOAuthToken: true  // Optional: Set for OAuth-specific handling
 });

 await bunq.init();

-// OAuth tokens already have an associated session from the OAuth flow,
-// so the library will skip session creation and use the token directly
+// OAuth tokens work just like regular API keys:
+// 1. They go through installation → device → session creation
+// 2. The OAuth token is used as the 'secret' during authentication
+// 3. A session token is created and used for all API calls
 const accounts = await bunq.getAccounts();

-// Note: OAuth tokens have their own expiry mechanism managed by bunq's OAuth server
-// The library will not attempt to refresh OAuth tokens
+// According to bunq documentation: 
+// "Just use the OAuth Token (access_token) as a normal bunq API key"
 ```

 ### Error Handling