Comments (15)
I'm very interested in this one, since I'm trying to make Google sign in without redirection, so my FE makes the work and sends token to BE.
@Beardless-sheik how do you plan to validate Google's token before using to to create internal token? Any ideas would be appreciated :)
from node-express-boilerplate.
I did it check my liver-backend project. I took 90% from you and tried to change to my standarts. Added Oauth login and reg. Tests etc.
from node-express-boilerplate.
Oi
from node-express-boilerplate.
Oi
from node-express-boilerplate.
Issue taken?
from node-express-boilerplate.
Hi @Beardless-sheik, the issue is not taken yet. You can do a PR.
from node-express-boilerplate.
@codenomnom the issue is still up for grabs if you would like to do a pull request.
from node-express-boilerplate.
Hey, thanks. I can surely try to come up with some solution. But first - what are your thoughts on the way this should work? I can think of two ways to do so - 1) use passport google strategy, or 2) use passport http bearer.
The first one is super opinionated and requires get endpoint that redirects to google sign in (through passport.authenticate
), then comes back and registers the user. This means it either need to make a full front-end page redirection, or in case of opening a popup - backend needs to render "close me" javascript in order for it to close ๐
The second approach is more API oriented, waiting for the front-end to provide access token, register the user and return another "system token" as you've already setup in tokens service (that would be later on used for authorizing routes). But here comes the question - how do we validate the access token?
There might be some other approach - I'd be happy if you share any ideas ๐ For my current project I've used the first approach: FE opens new popup, pointing to backend (auth/google
). Route calls passport.authenticate('google')
, which redirects to Google sign in. Callback url is again backend route (auth/google/callback
). It registers/logs-in the user, and then it renders a js script. The popup itself sends a message to it's opener (the main web page) with the user profile, and then the popup closes itself using window.close()
(a bit more complicated, but does the same).
from node-express-boilerplate.
@hagopj13 any news on this one?
from node-express-boilerplate.
Hi @codenomnom, sorry for the late reply. Thanks for your input.
I prefer to go with the second (API-oriented) approach that you mentioned.
What I can already picture is something like this: User logs in via google on UI, after which an access token is sent to the google login route of the server. The server uses that access token to fetch information about the user from Google and creates an account if not found (with a random password). The server then returns a refresh token and an access token (just like the regular login) back to the user. The user can keep on using that same refresh token to actually get a new access token every time, until the refresh token expires, after which the user has to login via Google again (of course a new user account will not be created now).
Some notes:
- To decide whether a user already exists or not could be easily done through the email found in the info fetched from Google
- The
User
model can also be extended to include the user's 'Google ID' which is also found in the info fetched from Google. This could potentially also be done in a modular wayservices: { google: 'some-google-id' }
so that in the future more services can be integrated.
Please let me know what you think.
from node-express-boilerplate.
Why not, but you should think about something instead of a random password.
from node-express-boilerplate.
@alibabayev0 even better with no password at all. Then the user can still have the option of setting a password.
from node-express-boilerplate.
Hey guys, any success with this one? I'd love to take advantage of this feature if it gets integrated :)
from node-express-boilerplate.
Is this issue still open ?
from node-express-boilerplate.
Hey guys, can we create a api related to login only though mobile number and otp . if any one of suggestion then tell me
from node-express-boilerplate.
Related Issues (20)
- Pagination Query for 'ref' documents.
- Implement oAuth Login
- pm2: command not found when run docker compose
- Can you upgrade the dependency๏ผ
- Authentication: Is refresh token never expired? HOT 4
- Multiple roles/permissions HOT 2
- Can we add commit message lint?
- Can we use release-please for the release notes and create the tags in the GIT?
- API documentation : HTTP basic authentication? HOT 1
- ERROR [node-app 5/6] RUN yarn install --pure-lockfile HOT 2
- logout api only invalidate the refresh token, but the auth token is still valid until it expires HOT 2
- xss-clean - Package no longer supported
- It adds new refresh token when another token already exist for logged in user HOT 2
- Incorrect docs route unit test
- Validation middleware isn't working with external validation HOT 5
- req.body undefined HOT 1
- Mongoose V5.5.3+ introduced .remove() deprecation
- Same token generated all the time HOT 1
- Tests failing due to MongoWriteConcern
- MongoDB data loss
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-express-boilerplate.