sebastiangug / passport-google-token Goto Github PK

View Code? Open in Web Editor NEW

42.0 42.0 42.0 153 KB

License: MIT License

JavaScript 100.00%

passport-google-token's People

Contributors

Stargazers

passport-google-token's Issues

Publish to npm

Hi,

can you please publish this repository to npm.

Request pending

See:

import { Strategy as GoogleStrategy } from 'passport-google-token';
import passport from 'passport';
import { Router } from 'express';
import { User } from './models';
const router = Router();

passport.use(new GoogleStrategy({
    clientID: 'CLIENT',
    clientSecret: 'SECRET',
  },
  function(accessToken, refreshToken, profile, done) {
    User.create({metaData: profile}).then(function(user, err) {
      done(null, user, user);
    });
  }
));



router.post('/google/callback',
  passport.authenticate('google-token'),
  function(req, res) {
    console.log('HERE!!!!');
    res.send('req');
    // Successful authentication, redirect home.
  }
);

export default router;

For some reason it stays as pending request...

JWT tokens

Hi,

Can you use Google-issued JWT tokens for Android app with this library? The flow is described here: https://developers.google.com/identity/protocols/CrossClientAuth

If not, do you know any other passport integrations for that?

Thanks,
Sasha.

Below is my angular js service function( Where auth2 is the google api auth object) and after that is my server passport strategy code. I'm unable to authenticate using headers or params in my http request and keep getting unauthorized error.

this.glogin =function(){
        var deferred = $q.defer();.
        auth2.signIn({
          'scope': 'profile email'
        }).then(function(response){
            self.gUser=response;
            self.accesstoken = self.gUser.getAuthResponse().access_token;
            $cookies.put('acctoken',self.accesstoken);
            $log.log('self.accesstoken',self.accesstoken);
               $http({
                method: 'GET',
                url:"/auth/google/accesstoken",
                //params:{access_token : self.accesstoken},
                headers:{
                 access_token : self.accesstoken
                }
                }).then(function successCallback(srresponse){
                  
                  self.userobj=srresponse.data;
                  $log.log('google passport authenticated user:',srresponse.data);
                  $cookies.putObject('usrobj',srresponse.data);
                  deferred.resolve(self.userobj);
            
                },function errorCallback(srresponse){
                  $log.error("http request for user login failed");
                  deferred.reject(srresponse.statusText);
              }); //$http google+
        });
               
        return deferred.promise;
    };//glogin

node js code

passport.use(new GoogleTokenStrategy ({
    clientID: Auth.googleAuth.clientID,
    clientSecret: Auth.googleAuth.clientSecret    
  },  function(accessToken, refreshToken, profile, done) {
    // Create or update user, call done() when complete...
     process.nextTick(function(){
        ubCust.findOne({'email' : profile.emails[0].value}, function(err, user) {
          if (err) 
              return done(err);
          if(user)
              {
                if(user.facebook.id)
                {
                    user.google.id = profile.id;
                    user.google.token = accessToken;
                    user.google.fname = profile.displayName;
                    user.google.lname = profile.name.familyName;
                    user.fname = profile.displayName;
                    user.lname = profile.name.familyName;
                    user.email = profile.emails[0].value;
                    user.save(function(err){
                            if (err)
                                throw err;
                            return done(null,user);
                        });
                }
                else
                  return done(null,user);
              }
              
            else
                {
                    var newUser = new ubCust;
                    newUser.google.id = profile.id;
                    newUser.google.token = accessToken;
                    newUser.google.fname = profile.displayName;
                    newUser.google.lname = profile.name.familyName;
                    newUser.fname = profile.displayName;
                    newUser.lname = profile.name.familyName;
                    newUser.email = profile.emails[0].value;
                    newUser.save(function(err){
                        if (err)
                            throw err;
                        return done(null,newUser);
                    });
                    console.log(profile);
                }
            //done(null, profile, tokens);
            }); //findOne
        });//nextTick

  }
));

Google changed a bit - idToken & serverAuthCode

Hello,

Thak you for your work.
Google changed a bit and instead of getting an access_token I now get an serverAuthCode and idToken.

Using the serverAuthCode cause now an Unauthorized error.
Do you know what I could do ?

Regards,

Update retrieve user profile url

Please change this url https://www.googleapis.com/oauth2/v1/userinfo to the following
https://www.googleapis.com/plus/v1/people/me
since the v1 url is deprecated by google api, it only returns id, name, display name only.

Unauthorized

Hello,

I got an Unauthorised response.

This is my current code :

var GoogleTokenStrategy = require('passport-google-token');

passport.use(new GoogleTokenStrategy.Strategy({
    clientID: "521119",
    clientSecret: "GuIbP6"
  },
  function(accessToken, refreshToken, profile, done) {
    console.log("profile google : " + profile);
    return done(null, null);
  }
));

app.get('/auth/google/token', passport.authenticate('google-token'),
 function(req, res) {
   console.log("user : " + req.user);
  res.send(req.user);
});

I don't know where is the problem. Can you help me.

What is client secret?

The Google API console gives a client_id but nothing named "client secret".
Is it the private key?
Thanks

Access Type and Approval Prompt Parameters

Does this support "access_type" and "approval_prompt" parameters to be passed to google through authorizationParams?

Failing to verify the application id?

Hey, I was playing around with this library, and I noticed that I could get a token issued under one client id, and validate it with another. It's possible I'm missing something, but I think this may be vulnerable to a confused deputy problem.

For example, I can take my oauth app from Google:

926872579832-ruurs5s2cirehpavk7141n2tqqjj5el5.apps.googleusercontent.com

Generate a token with it using this link, in a browser (I'm doing this from Ember, which doesn't matter):

https://accounts.google.com/o/oauth2/v2/auth?response_type=token&client_id=926872579832-ruurs5s2cirehpavk7141n2tqqjj5el5.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Ftorii%2Fredirect.html&state=z7D36Js0tlu8b6Xx&scope=email

Which gives me the token:

ya<censored>8e

If I use tokeninfo, it validates to that app id:

$ curl 'https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=ya<censored>8e'

{
"azp": "926872579832-ruurs5s2cirehpavk7141n2tqqjj5el5.apps.googleusercontent.com",
"aud": "926872579832-ruurs5s2cirehpavk7141n2tqqjj5el5.apps.googleusercontent.com",
"sub": "",
"scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/plus.me",
"exp": "1508539316",
"expires_in": "3522",
"email": "[email protected]",
"email_verified": "true",
"access_type": "online"
}

But when I validate it in passport-google-token configured as such (note that clientID is different, as is clientSecret):

  passport.use(
    new GoogleTokenStrategy({
      clientID: '926872579832-dij365g8vl2j7ntsq8ib09toegel1lp1.apps.googleusercontent.com',
      clientSecret: '<censored>',
    },
    function(accessToken, refreshToken, profile, done) {
      console.log(accessToken);
      console.log(profile);

      return done(null, {});
    })
  );

It successfully validates the token (I'm censoring some fields):

{ provider: 'google',
  id: '<id>',
  displayName: '',
  name: { familyName: '', givenName: '' },
  emails: [ { value: '<email>' } ],
  _raw: '{\n "id": "<id>",\n "email": "<email>",\n "verified_email": true,\n "name": "",\n "given_name": "",\n "family_name": "",\n "picture": "https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg",\n "hd": "<email>"\n}\n',
  _json: 
   { id: '<id>',
     email: '<email>',
     verified_email: true,
     name: '',
     given_name: '',
     family_name: '',
     picture: 'https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg',
     hd: '<domain>' } }

I'm pretty sure that's incorrect behaviour. From Google's docs, it says:

Important: Before using the token, you need to verify that this field's value exactly matches your Client ID in the Google API Console. This verification ensures that your application is not vulnerable to the confused deputy problem.

I'm pretty sure that's not happening.

Headers with underscores stripped by default by nginx

This isn't an issue as such, but just a point that it might be worth making clear, i.e. in the readme: nginx strips any headers that contain underscores by default, and because this strategy uses the header access_token, there's some extra set-up required for anyone using nginx.

401 Unauthorized all the time from Postman with Token verified and sent as either headers or params

I have a backend REST API built with Node + Express + Passport and I'm trying to authenticate using a google access token. I am using this strategy.

I have looked through the package's documentation and issues on github but there was nothing that fixed the issue.

I have verified the access token against:

https://www.googleapis.com/oauth2/v1/tokeninfo?idToken with the id Token and https://www.googleapis.com/oauth2/v1/tokeninfo?acessToken with the access token and both are valid but none of them work. I have double-triple checked that I'm using the correct clientID and secret on the backend and on the frontend I get the token from.

Here's the relevant code:

> 
> app.use(passport.initialize());
> passport.use(
>   new GoogleTokenStrategy(
>     {
>       clientID: config.get('google.clientID'),
>       clientSecret: config.get('google.clientSecret')
>     },
>     function(accessToken, refreshToken, profile, done) {
>       User.findOrCreate({ googleId: profile.id }, function(err, user) {
>         return done(err, user);
>       });
>     }
>   )
> );
> 
> app.use('/user', passport.authenticate('google-token'), userRoute);

and I am importing at the top as follows:


const passport = require('passport');
const GoogleTokenStrategy = require('passport-google-token').Strategy;

The app isn't throwing out any kind of errors.

'new' object is a not a function

Any idea why I am getting this error ?

passport.use(new GoogleTokenStrategy({
             ^
TypeError: object is not a function

Fresh Google Oauth2 and 401 error.

Hello,
I got an acces_token from my android Application like

{"email":[email protected]","userId":"****************","displayName":"_*******_","gender":"male","imageUrl":"https://lh3.googleusercontent.com/-**_**********************_/x4oPC0**_**/photo.jpg?sz=50","givenName":"***********_","familyName":"**_*********_","ageRangeMin":21,"oauthToken":"**_********************************"}

And I created an Oauth2 account on google :

Unfortunately when I declare the
clientID: GOOGLE_CLIENT_ID,
clientSecret: GOOGLE_CLIENT_SECRET

and add the "oauthToken" I have a 401 error
Would you tell me if this behavior is normal and tell me what I missed ?

Thank you very much.

TokenStrategy is not a constructor

Looks like passport-google-token is having some trouble registering.

 express:router:route delete /auth/google/:__feathersId +0ms
  express:router:layer new / +0ms
  express:router:route delete /auth/google/:__feathersId +0ms
  express:router:layer new / +0ms
  express:router:route delete /auth/google/:__feathersId +0ms
  express:router:layer new / +0ms
  feathers-authentication:oauth2 registering passport-google OAuth2 strategy +1ms
  feathers-authentication:oauth2 registering passport-google-token OAuth2 strategy +1ms
/Users/lawrencebolutife/Documents/kunibooks_api/node_modules/feathers-authentication/lib/services/oauth2.js:49
      _passport2.default.use(new TokenStrategy(options, service.oauthCallback.bind(service)));
                             ^

TypeError: TokenStrategy is not a constructor

sebastiangug / passport-google-token Goto Github PK

passport-google-token's People

Contributors

Stargazers

Forkers

passport-google-token's Issues

Recommend Projects

Recommend Topics

Recommend Org