4

I am currently stuck to handle a google oAuth login in a vue app which is connecting to my own node express api server.

On the express api server i am using passport as a middleware to handle google oauth and after succesfully logged in through google i am generating a jwt in the callback on my backend.

passport.use(new GoogleStrategy({
    clientID: config.get('google.clientID'),
    clientSecret: config.get('google.clientSecret'),
    callbackURL: config.get('google.callbackUrl'),
  },
  function(accessToken, refreshToken, profile, done) {
    User.findOne(
      { socialID: profile.id },
      function (err, user) {
        if (err) {
            return done(err);
        }
        //No user was found... so create a new user with values from Facebook (all the profile. stuff)
        if (!user) {
          user = new User({
            name: profile.displayName,
            email: profile.emails[0].value,
            provider: profile.provider,
            socialID: profile.id,
          });
          user.save(function(err) {
            if (err) console.log(err);
          });
        }

        // the information which shall be inside the jsonwebtoken
        const payload = {
          user: {
            id: user.id
          }
        };

        // create jsonwebtoken and return it
        jwt.sign(
          payload,
          config.get('jwt.secret'), // get the secret from default.json to hash jsonwebtoken
          { expiresIn: config.get('jwt.lifetime') },
          (err, token) => {
            if(err) throw err; // if there is error, throw it and exit
            return done(JSON.stringify(token)); // return jwt token
          }
        );
      }
    );
  }
));

I have theses routes on my api server

// @route   GET api/auth/google
// @desc    Google auth route - get User From Google, store it if not exists yet
// @access  Public
router.get('/google',
  passport.authenticate('google', { scope: ['profile', 'email'], session: false })
);

// @route   GET api/auth/google/callback
// @desc    Google callback route
// @access  Public
router.get('/google/callback',
  passport.authenticate('google', { failureRedirect: '/', session: false }),
  function (req, res) {
    res.redirect('http://localhost:8080/?token=' + res);
  }
);

When i call my backend api route at /auth/google i successfully get redirected to the google login page. But with my approach i am trying to redirect from the callback url back to my vue app with a get parameter "token" to recieve the token in the frontend. The redirect in my backend callback route is not working. How do i pass the token which is generated in the backend to my frontend?

Improve this question

1 Answer 1

Reset to default
4

I came across that the redirect wasn't working because the return done() function expects two parameters to work correctly.

I changed inside the google passport middleware the done function like this

jwt.sign(
 payload,
 config.get('jwt.secret'), // get the secret from default.json to hash jsonwebtoken
 { expiresIn: config.get('jwt.lifetime') },
  (err, token) => {
    if(err) throw err; // if there is error, throw it and exit
    return done(null, token); // return jwt token
  }
);

Now inside my route i can successfully redirect + add the token as a get parameter - so with this workaround i am recieving my jwt which is generated in my backend in my frontend.

// @route   GET api/auth/google/callback
// @desc    Google callback route
// @access  Public
router.get('/google/callback',
  passport.authenticate('google', { failureRedirect: '/', session: false }),
  function (req, res) {
    let token = res.req.user;
    res.redirect('//localhost:8080/?token=' + token);
  }
);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.