Erwan

Reputation: 92

Handle Google OAuth with JWT (react + nodejs)

I am working on the authentication system of a web app, using Next.js for the client app and Node.js for the API.

That's why I used JWT for the local signin/signup strategies. (I'm planning to use the same API for the mobile application later)

I am now wondering what the best approach is for Google authentication. I have set it up, but I don't know how to give the token to the client.

Here is the process:

In the callback route, I can create a JWT. But how can I give it back to the client? I have thought of passing it through the URL, but I am wondering if it is safe. Is there another way to do it? Am I missing the point?

router.get('/google/redirect', (req, res, next) => {
  return passport.authenticate('google', (err, user) => {
    if (err) {
      return res.redirect('http://localhost:3000/signin')
    }
    console.log(user)
    // Create JWT and redirect to http://localhost:3000/signin/oauth?token=xxx ?
  })(req, res, next)
})

I can show more code if needed, but it works (code is not the blocking point).

Thank you in advance!

Upvotes: 3

Views: 2485

Answers (1)

Yilmaz

Reputation: 49182

All you have to do is set up a cookie session. When Google sends its response to /google/redirect, passport.authenticate will call req.login(), and this will call serializeUser:

passport.serializeUser((user, done) => {
  done(null, user.id); // stores the id<4kb
});

This function will create passport:{user:userId}. This is the unique identifying information about the user. This is where you need a session, because passport.js will automatically look for req.session and attach the passport object to req.session.

Since we are storing only the userId, usually the cookie-session package is used. This package will set the req.session object, passport.js will attach the passport object, and cookie-session will store this on the client.

Upvotes: 1
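
The cookie hand-off described in the answer above, as an added example that is not part of the original posts and is not cookie-session's own code or wire format: a simplified HMAC-signed session cookie set on the callback redirect, so the redirect URL carries no token. The secret, cookie name, landing URL and function names are assumptions made for illustration.

```javascript
// Added example: simplified stand-in for a signed session cookie.
// Not cookie-session's real format; secret and names are constructed.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: loaded from config in real use

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const mac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// Serialize what passport keeps in req.session and append an HMAC tag.
function signSession(session, secret = SECRET) {
  const body = b64u(JSON.stringify(session));
  return `${body}.${b64u(mac(body, secret))}`;
}

// Return the session object, or null if the tag is missing or wrong.
function verifySession(value, secret = SECRET) {
  const [body, tag, extra] = String(value).split('.');
  if (!body || !tag || extra !== undefined) return null;
  const expected = mac(body, secret);
  const given = Buffer.from(tag, 'base64url');
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Response for the OAuth callback: the session travels in Set-Cookie,
// so nothing sensitive lands in browser history, logs or Referer headers.
function callbackResponse(userId, secret = SECRET) {
  const value = signSession({ passport: { user: userId } }, secret);
  return {
    status: 302,
    headers: {
      Location: 'http://localhost:3000/', // assumed landing page
      // HttpOnly keeps the value away from page scripts; add Secure under HTTPS.
      'Set-Cookie': `session=${value}; Path=/; HttpOnly; SameSite=Lax`,
    },
  };
}
```

The signature only prevents tampering; the payload is readable by anyone holding the cookie, which is why only the user id is stored in it.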
