CODEWITHSUNDEEP
node.jsgoogle-app-enginegoogle-appsgoogle-authentication
raz3r
raz3r

Reputation: 3131

Handle server-side Google domain authentication in NodeJS

I recently started looking at the NodeJS framework because I'd like to switch from Java/JSP. Right now in order to authenticate users I use a pretty straight forward code in a JSP page that runs on Google App Engine environment.

UserService userService = UserServiceFactory.getUserService();
if (request.getUserPrincipal() == null) {
    // redirect user to login page if he's not logged in
    // notice that through Google App Engine settings I enabled only a specific domain to login against my application
    response.sendRedirect(userService.createLoginURL("/"));
}
else {
    // render page if he's logged in
}

I wonder if I can achieve something like that in NodeJS, meaning that I don't want the page to be rendered at all if the user is not logged in.

Upvotes: 1

Views: 358

Answers (2)

Zlatko
Zlatko

Reputation: 19578

It's a multi-part question, as seen from your question and comments. So let me add another part to what Julian has answered.

Passport, as Julian has written in the other answer, is what will get you the Google authentication, manage tokens, server/client side, callback urls, everything in that regard. let's say you authenticate via Google and then provide your own, local token for usage in your API.

But let's say you've found a good auth strategy. Also let's say you have some client-side assets and files that are "public" (eg. Login page) and some that you want protected (eg. Dashboard page and the accompanying JS) and, naturally, some of your API endpoints where you provide actual data (eg. /api/users).

In Expess.js apps, you'd go through the set of middlewares until one ends the chain. Consider the example:

let app = require('express')();
// Serve that "public" part, login page
app.use('/login.html', express.static());
// Now, protect the rest with your local token
app.use(passport.authenticate('local'));
// serve the "dashboard"
app.use('/dashboard.html', express.static());
// then the rest
app.use('/api/users', userHandler);

So, your middleware goes top-down. The first of these things that match will end the chain, or in case of passport.authenticate(), add something to request/response (eg. req.user).

So you can use Google auth, local auth, public and authenticated static pages and "pure" API endpoints where you have no client-side assets, only data/content.

Upvotes: 0

Julian Knight
Julian Knight

Reputation: 4923

If you are working with the standard Node.js tools, you will perhaps be familiar with the Passport module.

Passport provides a standardised and relatively easy way to code a variety of authentication methods.

This has a Google authentication plugin.

That is probably your easiest route.

Update

Passport is easily integrated into an Express web service. It can be set to protect some or all "routes" (which the end users see as URL paths) into the service you set up.

On a protected route, if the user is not authenticated or is not authorised for that route, they will see the error page you define or will see a default browser error display for code 401 or 403. Or you can redirect them to an alternative route - e.g. a login page.

You don't need to use EJS. EJS is one of the templating options for the Express web service. There are plenty of alternatives including Jade and Mustache. You don't have to use any templating language if you don't want it.

Upvotes: 2

Related Questions