sebastiangug / passport-google-token Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
Hi,
can you please publish this repository to npm.
See:
import { Strategy as GoogleStrategy } from 'passport-google-token';
import passport from 'passport';
import { Router } from 'express';
import { User } from './models';
const router = Router();
passport.use(new GoogleStrategy({
clientID: 'CLIENT',
clientSecret: 'SECRET',
},
function(accessToken, refreshToken, profile, done) {
User.create({metaData: profile}).then(function(user, err) {
done(null, user, user);
});
}
));
router.post('/google/callback',
passport.authenticate('google-token'),
function(req, res) {
console.log('HERE!!!!');
res.send('req');
// Successful authentication, redirect home.
}
);
export default router;
For some reason it stays as pending request...
Hi,
Can you use Google-issued JWT tokens for Android app with this library? The flow is described here: https://developers.google.com/identity/protocols/CrossClientAuth
If not, do you know any other passport integrations for that?
Thanks,
Sasha.
Below is my angular js service function( Where auth2 is the google api auth object) and after that is my server passport strategy code. I'm unable to authenticate using headers or params in my http request and keep getting unauthorized error.
this.glogin =function(){
var deferred = $q.defer();.
auth2.signIn({
'scope': 'profile email'
}).then(function(response){
self.gUser=response;
self.accesstoken = self.gUser.getAuthResponse().access_token;
$cookies.put('acctoken',self.accesstoken);
$log.log('self.accesstoken',self.accesstoken);
$http({
method: 'GET',
url:"/auth/google/accesstoken",
//params:{access_token : self.accesstoken},
headers:{
access_token : self.accesstoken
}
}).then(function successCallback(srresponse){
self.userobj=srresponse.data;
$log.log('google passport authenticated user:',srresponse.data);
$cookies.putObject('usrobj',srresponse.data);
deferred.resolve(self.userobj);
},function errorCallback(srresponse){
$log.error("http request for user login failed");
deferred.reject(srresponse.statusText);
}); //$http google+
});
return deferred.promise;
};//glogin
node js code
passport.use(new GoogleTokenStrategy ({
clientID: Auth.googleAuth.clientID,
clientSecret: Auth.googleAuth.clientSecret
}, function(accessToken, refreshToken, profile, done) {
// Create or update user, call done() when complete...
process.nextTick(function(){
ubCust.findOne({'email' : profile.emails[0].value}, function(err, user) {
if (err)
return done(err);
if(user)
{
if(user.facebook.id)
{
user.google.id = profile.id;
user.google.token = accessToken;
user.google.fname = profile.displayName;
user.google.lname = profile.name.familyName;
user.fname = profile.displayName;
user.lname = profile.name.familyName;
user.email = profile.emails[0].value;
user.save(function(err){
if (err)
throw err;
return done(null,user);
});
}
else
return done(null,user);
}
else
{
var newUser = new ubCust;
newUser.google.id = profile.id;
newUser.google.token = accessToken;
newUser.google.fname = profile.displayName;
newUser.google.lname = profile.name.familyName;
newUser.fname = profile.displayName;
newUser.lname = profile.name.familyName;
newUser.email = profile.emails[0].value;
newUser.save(function(err){
if (err)
throw err;
return done(null,newUser);
});
console.log(profile);
}
//done(null, profile, tokens);
}); //findOne
});//nextTick
}
));
Hello,
Thak you for your work.
Google changed a bit and instead of getting an access_token I now get an serverAuthCode and idToken.
Using the serverAuthCode cause now an Unauthorized error.
Do you know what I could do ?
Regards,
Please change this url https://www.googleapis.com/oauth2/v1/userinfo to the following
https://www.googleapis.com/plus/v1/people/me
since the v1 url is deprecated by google api, it only returns id, name, display name only.
Hello,
I got an Unauthorised
response.
This is my current code :
var GoogleTokenStrategy = require('passport-google-token');
passport.use(new GoogleTokenStrategy.Strategy({
clientID: "521119",
clientSecret: "GuIbP6"
},
function(accessToken, refreshToken, profile, done) {
console.log("profile google : " + profile);
return done(null, null);
}
));
app.get('/auth/google/token', passport.authenticate('google-token'),
function(req, res) {
console.log("user : " + req.user);
res.send(req.user);
});
I don't know where is the problem. Can you help me.
The Google API console gives a client_id but nothing named "client secret".
Is it the private key?
Thanks
Does this support "access_type" and "approval_prompt" parameters to be passed to google through authorizationParams?
Hey, I was playing around with this library, and I noticed that I could get a token issued under one client id, and validate it with another. It's possible I'm missing something, but I think this may be vulnerable to a confused deputy problem.
For example, I can take my oauth app from Google:
926872579832-ruurs5s2cirehpavk7141n2tqqjj5el5.apps.googleusercontent.com
Generate a token with it using this link, in a browser (I'm doing this from Ember, which doesn't matter):
https://accounts.google.com/o/oauth2/v2/auth?response_type=token&client_id=926872579832-ruurs5s2cirehpavk7141n2tqqjj5el5.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Ftorii%2Fredirect.html&state=z7D36Js0tlu8b6Xx&scope=email
Which gives me the token:
ya<censored>8e
If I use tokeninfo, it validates to that app id:
$ curl 'https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=ya<censored>8e'
{
"azp": "926872579832-ruurs5s2cirehpavk7141n2tqqjj5el5.apps.googleusercontent.com",
"aud": "926872579832-ruurs5s2cirehpavk7141n2tqqjj5el5.apps.googleusercontent.com",
"sub": "",
"scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/plus.me",
"exp": "1508539316",
"expires_in": "3522",
"email": "[email protected]",
"email_verified": "true",
"access_type": "online"
}
But when I validate it in passport-google-token configured as such (note that clientID is different, as is clientSecret):
passport.use(
new GoogleTokenStrategy({
clientID: '926872579832-dij365g8vl2j7ntsq8ib09toegel1lp1.apps.googleusercontent.com',
clientSecret: '<censored>',
},
function(accessToken, refreshToken, profile, done) {
console.log(accessToken);
console.log(profile);
return done(null, {});
})
);
It successfully validates the token (I'm censoring some fields):
{ provider: 'google',
id: '<id>',
displayName: '',
name: { familyName: '', givenName: '' },
emails: [ { value: '<email>' } ],
_raw: '{\n "id": "<id>",\n "email": "<email>",\n "verified_email": true,\n "name": "",\n "given_name": "",\n "family_name": "",\n "picture": "https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg",\n "hd": "<email>"\n}\n',
_json:
{ id: '<id>',
email: '<email>',
verified_email: true,
name: '',
given_name: '',
family_name: '',
picture: 'https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg',
hd: '<domain>' } }
I'm pretty sure that's incorrect behaviour. From Google's docs, it says:
Important: Before using the token, you need to verify that this field's value exactly matches your Client ID in the Google API Console. This verification ensures that your application is not vulnerable to the confused deputy problem.
I'm pretty sure that's not happening.
This isn't an issue as such, but just a point that it might be worth making clear, i.e. in the readme: nginx strips any headers that contain underscores by default, and because this strategy uses the header access_token
, there's some extra set-up required for anyone using nginx.
I have a backend REST API built with Node + Express + Passport and I'm trying to authenticate using a google access token. I am using this strategy.
I have looked through the package's documentation and issues on github but there was nothing that fixed the issue.
I have verified the access token against:
https://www.googleapis.com/oauth2/v1/tokeninfo?idToken with the id Token and https://www.googleapis.com/oauth2/v1/tokeninfo?acessToken with the access token and both are valid but none of them work. I have double-triple checked that I'm using the correct clientID and secret on the backend and on the frontend I get the token from.
Here's the relevant code:
>
> app.use(passport.initialize());
> passport.use(
> new GoogleTokenStrategy(
> {
> clientID: config.get('google.clientID'),
> clientSecret: config.get('google.clientSecret')
> },
> function(accessToken, refreshToken, profile, done) {
> User.findOrCreate({ googleId: profile.id }, function(err, user) {
> return done(err, user);
> });
> }
> )
> );
>
> app.use('/user', passport.authenticate('google-token'), userRoute);
and I am importing at the top as follows:
const passport = require('passport');
const GoogleTokenStrategy = require('passport-google-token').Strategy;
The app isn't throwing out any kind of errors.
Any idea why I am getting this error ?
passport.use(new GoogleTokenStrategy({
^
TypeError: object is not a function
Hello,
I got an acces_token from my android Application like
{"email":[email protected]","userId":"****************","displayName":"_*******_","gender":"male","imageUrl":"https://lh3.googleusercontent.com/-**_**********************_/x4oPC0**_**/photo.jpg?sz=50","givenName":"***********_","familyName":"**_*********_","ageRangeMin":21,"oauthToken":"**_********************************"}
And I created an Oauth2 account on google :
Unfortunately when I declare the
clientID: GOOGLE_CLIENT_ID,
clientSecret: GOOGLE_CLIENT_SECRET
and add the "oauthToken" I have a 401 error
Would you tell me if this behavior is normal and tell me what I missed ?
Thank you very much.
Looks like passport-google-token is having some trouble registering.
express:router:route delete /auth/google/:__feathersId +0ms
express:router:layer new / +0ms
express:router:route delete /auth/google/:__feathersId +0ms
express:router:layer new / +0ms
express:router:route delete /auth/google/:__feathersId +0ms
express:router:layer new / +0ms
feathers-authentication:oauth2 registering passport-google OAuth2 strategy +1ms
feathers-authentication:oauth2 registering passport-google-token OAuth2 strategy +1ms
/Users/lawrencebolutife/Documents/kunibooks_api/node_modules/feathers-authentication/lib/services/oauth2.js:49
_passport2.default.use(new TokenStrategy(options, service.oauthCallback.bind(service)));
^
TypeError: TokenStrategy is not a constructor
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.