Skip to content

kkkon/passport-google-openidconnect

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Passport-Google-OpenID Connect

Passport strategy for authenticating with Google OpenID Connect.

This module lets you authenticate using Google OpenID Connect in your Node.js applications. By plugging into Passport, Google OpenID Connect authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install passport-google-openidconnect

Usage for non Google+

Configure Strategy

The Google OpenIDConnect authentication strategy authenticates users using a Google account and OpenIDConnect tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

var StrategyGoogle = require('passport-google-openidconnect').Strategy;
passport.use(new StrategyGoogle({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback"
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'google-openidconnect' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/google',
  passport.authenticate('google-openidconnect'));

app.get('/auth/google/callback', 
  passport.authenticate('google-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Usage for Google+

Configure Strategy

The Google OpenIDConnect authentication strategy authenticates users using a Google account and OpenIDConnect tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

var StrategyGoogle = require('passport-google-openidconnect').Strategy;
passport.use(new StrategyGoogle({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback",
    userInfoURL: "https://www.googleapis.com/plus/v1/people/me"
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'google-openidconnect' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/google',
  passport.authenticate('google-openidconnect'));

app.get('/auth/google/callback', 
  passport.authenticate('google-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Extended Permissions(more scope)

If you need extended permissions from the user, the permissions can be requested via the scope option to passport.authenticate().

For example, this authorization requests permission to the user's statuses and checkins:

app.get('/auth/google',
  passport.authenticate('google-openidconnect', { scope: ['email', 'profile'] }));

You doesn't need to contain the scope of openid, added by this module automatically

Usage for non Google+ and only openid

Configure Strategy

The Google OpenIDConnect authentication strategy authenticates users using a Google account and OpenIDConnect tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

var StrategyGoogle = require('passport-google-openidconnect').Strategy;
passport.use(new StrategyGoogle({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback",
    skipUserProfile: true // doesn't fetch user profile
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'google-openidconnect' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/google',
  passport.authenticate('google-openidconnect'));

app.get('/auth/google/callback', 
  passport.authenticate('google-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Revoke AccessToken

For example, as route middleware in an Express application:

app.get('/auth/google/revoke', function(req, res, next) {
  var user_accessToken = FETCH_FROM_DB_OR_SESSION;
  var strategy = req._passport.instance._strategy('google-openidconnect');
  strategy.revoke( { accessToken: user_accessToken }, function(err, body, res) {
    next();
  });
});

Credits

License

The MIT License

Original work Copyright (c) 2011-2013 Jared Hanson <http://jaredhanson.net/>

Modified work Copyright (c) 2015 Kiyofumi Kondoh

About

Google OpenID Connect authentication strategy for Passport and Node.js.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • JavaScript 98.1%
  • Makefile 1.9%