I can't understand the standard flow of authentication and authorization of Google+ without using Passport
Requirement:
Current architecture:
Question:
i) How can I replace my current authentication with Google+?
ii) When I log in using the Google+ button, I get an access token on my client side. Do I send the token back to my server?
iii) But my server has no information about this user. Do I first need to create this user on my server, and when it sends an access token to my server, I will check if this user is valid and return it with my server access token? (So this user will not have password information in my server database? And this access token from Google will be stored on my server?)
iv) I read in their docs that they are using sessions when the user first visits the page. I don't want to use sessions.
I want to know the general flow; the code I could implement myself. I just want to know the common architecture to solve this problem!
It would be great if you could show me the general concept to deal with this! :)
Passport is a popular, modular authentication middleware for Node.js applications. With it, authentication can be easily integrated into any Node- and Express-based app. The Passport library provides more than 500 authentication mechanisms, including OAuth, JWT, and simple username and password based authentication.
This module lets you authenticate using OAuth 2.0 in your Node.js applications. By plugging into Passport, OAuth 2.0 authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
We can do Google authentication using OAuth API which is provided by Google on their developer portal. Step 1: Creating Node project using the following command. Keep pressing enter and enter “yes/no” accordingly at the terminus line.
Authentication is basically the verification of users before granting them access to the website or services. Authentication which is done using a Google account is called Google Authentication.
Passport JS is a middleware for express.js. (I will explain about middlewares below). Passport JS supports various login types, Token, Local (username, password), OAuth, OAuth2, etc. We can combine these to authenticate by signing in with Google, FB, or whatever service with a very minimal amount of code.
When a request to this route is processed, the strategy will authenticate the fact that the user signed in with Google and obtain that user's profile information. If authentication succeeds, the passport.authenticate() middleware calls the next function in the stack. In this example, the function is redirecting the authenticated user to the home page.
This is the most recommended way to implement Google+ sign in
Google Hybrid server side signin procedure
To sum it up, there are 2 parts:
1) To retrieve the auth token from Google, you could use their available SDKs
2) Once you have the auth token from Google, send it back from your client to your server
3) On your server, exchange the auth token from Google for their access token, which allows you to use the Google API on behalf of the user. You could retrieve user information or post a Google+ post
4) Generate your own server access token and send it back to the client
5) In your client, save your server-generated access token to be used for CRUD requests to your server
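The server side of steps 2 to 5 above, as an added example that is not part of the original answer or of any Google or Passport code. It creates the user on first login without a password, and issues a stateless HMAC-signed token so no session store is needed. The `exchangeCode` callback is a hypothetical stand-in for the server-to-Google code exchange; the in-memory `users` map, the token format and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumption: in a deployment this key comes from a secret store so tokens survive restarts
const SERVER_SECRET = crypto.randomBytes(32);
const users = new Map(); // stand-in for the user table, keyed by Google account id ("sub")

const b64 = (data) => Buffer.from(data).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SERVER_SECRET).update(data).digest();

// Step 4: the server's own token, base64url(payload) + "." + base64url(HMAC-SHA256)
function issueServerToken(userId, ttlSeconds, now = Date.now()) {
  const payload = b64(JSON.stringify({ uid: userId, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${payload}.${b64(sign(payload))}`;
}

// Run on every API request (step 5): returns the user id, or null if forged or expired
function verifyServerToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return null;
  const expected = sign(parts[0]);
  const given = Buffer.from(parts[1], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const { uid, exp } = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  return exp > Math.floor(now / 1000) ? uid : null;
}

// Steps 2-4: the client posts the one-time code. The identity is whatever Google
// confirms during the exchange, never a profile or user id supplied by the client.
async function loginWithGoogleCode(code, exchangeCode) {
  const profile = await exchangeCode(code); // hypothetical: resolves { sub, email } or throws
  if (!profile || !profile.sub) throw new Error('Google did not confirm an identity');
  let user = users.get(profile.sub);
  if (!user) { // first login: create the account, no password is stored
    user = { id: crypto.randomUUID(), googleSub: profile.sub, email: profile.email };
    users.set(profile.sub, user);
  }
  return { user, token: issueServerToken(user.id, 3600) };
}
```

The client sends the returned token in an `Authorization` header on each request, and the server calls `verifyServerToken` instead of looking up a session.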