
Passport & JWT & Google Strategy - Disable session & res.send() after google callback

Using: passport-google-oauth2.

I want to use JWT with Google login - for that I need to disable session and somehow pass the user model back to the client. All the examples use a Google callback that magically redirects to '/'.

How do I:
1. Disable session while using passport-google-oauth2.
2. res.send() user to client after google authentication.

Feel free to suggest alternatives if I'm not heading in the right direction.

chenop asked Nov 27 '16 12:11




1 Answer

Managed to overcome this with some insights:
1. Disable session in express - just remove the session middleware

// app.use(session({secret: config.secret}))

2. When using Google authentication, what actually happens is that there is a redirection to the Google login page, and if login is successful it redirects you back to the URL you have provided.

This actually means that once Google calls your callback you cannot do res.send(token, user) - it simply does not work (can anyone elaborate why?). So you are forced to do a redirect to the client by doing res.redirect("/"). But the whole purpose is to pass the token, so you can also do res.redirect("/?token=" + token).

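    app.get('/auth/google/callback',
        passport.authenticate('google', {
            //successRedirect: '/',
            failureRedirect: '/',
            session: false              // no session: req.user exists for this request only
        }),
        function (req, res) {
            // AuthService.encode turns the authenticated user into a token
            var token = AuthService.encode(req.user);
            // Encode the token so it survives as a query-string value
            res.redirect("/home?token=" + encodeURIComponent(token));
        });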

But how will the client get the user entity? You can also pass the user in the same way, but it didn't feel right to me (passing the whole user entity in the parameter list...). So what I did is make the client use the token and retrieve the user.

    function handleNewToken(token) {
        if (!token)
            return;

        // Keep the token for later requests
        localStorageService.set('token', token);

        // Fetch activeUser
        $http.get("/api/authenticate/" + encodeURIComponent(token))
            .then(function (result) {
                setActiveUser(result.data);
            });
    }

Which means another HTTP request - this makes me think that maybe I didn't get the token concept right. Feel free to enlighten me.

chenop answered Sep 22 '22 09:09
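
Added example, not part of the original answer: a token in `?token=` or in the `/api/authenticate/<token>` path is recorded in server access logs and browser history, so this sketch hands the token over in the URL fragment and accepts it back only in the `Authorization` header. The token carries the user fields as claims, which the client can read by decoding the middle segment without a second request. `SECRET`, the claim names and all four function names are assumptions made for the example; it uses only Node's built-in `crypto` and fixes the algorithm to HS256.

```javascript
// Added example (not the poster's code); names and SECRET are hypothetical.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: loaded from config in real use
const b64url = (x) => Buffer.from(x).toString('base64url');

// Sign a compact HS256 JWT carrying only the user fields the client needs.
function issueToken(user, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    sub: user.id, name: user.name, iat: now, exp: now + ttlSeconds }));
  const sig = crypto.createHmac('sha256', SECRET)
    .update(header + '.' + payload).digest('base64url');
  return `${header}.${payload}.${sig}`;
}

// Verify signature (constant time) and expiry; returns the claims or null.
// The header's "alg" is never consulted: verification is always HMAC-SHA256.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = crypto.createHmac('sha256', SECRET)
    .update(parts[0] + '.' + parts[1]).digest();
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString()); }
  catch (e) { return null; }
  return (claims && typeof claims.exp === 'number' && claims.exp > now) ? claims : null;
}

// Callback side: the fragment is not sent to the server or in Referer headers.
function redirectTarget(path, token) {
  return `${path}#token=${encodeURIComponent(token)}`;
}

// API side: read the token from "Authorization: Bearer ..." instead of the URL.
function userFromAuthHeader(headerValue, now) {
  const m = /^Bearer ([A-Za-z0-9._-]+)$/.exec(headerValue || '');
  return m ? verifyToken(m[1], now) : null;
}
```

In the browser, the client would read the token from `location.hash`, clear the fragment, and send the token in the `Authorization` header on later API calls.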