Max

Reputation: 325

Storing OAuth credentials in a mongodb database

I am trying to add OAuth to my application using react-native (expo), node.js, and mongodb. Currently I am just working on implementing google authentication with the "google-auth-library" package on the backend. I am able to get all of the data that I need (access-token, id-token, email, username, etc.), but I'm not sure how to store that in the database. Along with the google authentication, I also have my own authentication using an email/password combination. The first question I have is, since mongodb automatically generates the objectID for each document, would I have to add a "googleID" field to the User model in order to differentiate the users that sign in using google? It doesn't seem like an optimal solution since if tomorrow I want to add facebook authentication, I'll have to then add a "facebookID" field and then repeat this for any authentication I want to add. Is there a better way to differentiate users that use different authentication methods? And my other question is, since I have my own authentication, how do I treat the "password" field for users that sign in with google? Since I don't have their password in my database, would I conditionally check their password only if they are signing in with my personal authentication system? And similarly, would I only require a password to be provided from users not using google when they register an account? Hopefully those questions make sense, and thank you to anyone who can help.

Upvotes: 1

Views: 1750

Answers (1)

alilland

Reputation: 2572

The first question I have is, since mongodb automatically generates the objectID for each document, would I have to add a "googleID" field to the User model in order to differentiate the users that sign in using google?

You would want to set up a second collection for tokens, and either embed them in the user, or store the tokens in their own collection and store the user id on the token with the googleID as a field on the record. You can store the token with a "tokenType" and then a "value" for the token's OAuth-provided id.

As for how to write the embed with react-native, you may want to look at the documentation for the mongoose library for Node.js for additional understanding. MongoDB is a NoSQL database that lives and breathes embedded records.

And my other question is, since I have my own authentication, how do I treat the "password" field for users that sign in with google? Since I don't have their password in my database, would I conditionally check their password only if they are signing in with my personal authentication system? And similarly, would I only require a password to be provided from users not using google when they register an account?

With OAuth you have to store the token on the device and refresh it with the refresh token that the OAuth provider gives you. When they provide the token, you look up that token in your database and identify what user/email that token belongs to, and attempt to refresh it if it's expired.

Upvotes: 2
