如何借助 OAuth 2.0 API,使用 Google 访问令牌通过 Passport 正确进行身份验证?
How to correctly authenticate through Passport with Google access tokens using the OAuth 2.0 API?
我正在尝试使用 Passport-Google-Token 策略进行用户身份验证,做法与 Facebook 策略类似(后者工作正常)。但不知为何,即使所有参数看起来都配置正确,Google 身份验证也不返回任何信息,请求一直挂起。任何建议都将不胜感激。
const GoogleTokenStrategy = require('passport-google-token').Strategy;
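// Registers the 'googleToken' strategy. The verify callback receives the Google
// profile, looks the user up by email and creates the account on first login.
//
// NOTE(review): this strategy is handed an access token. Confirm that the token is
// checked as having been issued to THIS client ID; an access token on its own does
// not say which application it was minted for. Verifying an ID token against an
// expected audience is the stricter alternative.
passport.use('googleToken', new GoogleTokenStrategy(
  {
    clientID: process.env.GOOGLE_CLIENT_ID,
    clientSecret: process.env.GOOGLE_CLIENT_SECRET
  },
  /**
   * Passport verify callback.
   *
   * @param {string} accessToken - token supplied by the client (unused here)
   * @param {string} refreshToken - unused here
   * @param {object} profile - profile returned by the strategy
   * @param {Function} done - Passport completion callback; called exactly once
   */
  function(accessToken, refreshToken, profile, done) {
    // Debug aid only: the profile holds personal data, so drop this log outside development.
    console.log('profile google: ', profile);
    // NOTE(review): the flat field names below are kept from the original code. Many
    // Passport strategies return a normalized profile (emails[], name.givenName, ...);
    // confirm the real shape against the logged profile.
    const email = profile.email;
    const name = profile.name;
    const firstname = profile.given_name;
    const lastname = profile.family_name;

    // Fail closed: a missing email must never reach the query, where an undefined
    // filter value could match an unrelated account.
    if (typeof email !== 'string' || email.length === 0) {
      return done(null, false, {
        statusCode: 401,
        message: 'Auth failed',
        error: 'No email in Google profile'
      });
    }

    // NOTE(review): accounts are matched on email alone. Confirm the provider reports
    // the address as verified before treating it as proof of account ownership.
    //
    // The callback form is used on its own: the original also chained .catch() onto
    // the callback-style call, which mixes two completion styles for one query.
    User.findOne({ email: email }, function (err, user) {
      if (err) { return done(err); }

      // Existing account: finish here. The original fell through after starting the
      // save for a new user and called done(null, user) with no user, so done ran twice.
      if (user) { return done(null, user); }

      // First login: create the account, then report it.
      const newUser = new User({
        _id: new mongoose.Types.ObjectId(),
        name: name,
        firstname: firstname,
        lastname: lastname,
        email: email
      });
      // then(onOk, onFail) rather than then().catch(): an exception thrown inside
      // done() must not trigger a second done() call.
      return newUser.save().then(
        () => done(null, newUser),
        saveErr => {
          console.log(saveErr);
          return done(null, false, {
            statusCode: 500,
            message: 'Server error',
            error: saveErr.message
          });
        }
      );
    });
  }
));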
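/**
 * Route handler: authenticates the request with the 'googleToken' strategy and
 * answers with the user's id, name, email and a freshly generated JWT.
 *
 * Fixes over the original:
 *  - passport.authenticate() only builds a middleware; it is now invoked with
 *    (req, res, next). Without that call nothing ran and the request never finished.
 *  - the callback parameter was named `error` while the body read `err`.
 *  - internal errors answer 500 (not 404), and error objects are no longer
 *    serialized into the response body.
 *
 * @param {object} req - Express request
 * @param {object} res - Express response
 * @param {Function} next - Express next callback
 */
exports.googleLogin = (req, res, next) => {
  console.log('started google login');
  return passport.authenticate(['googleToken'], function(err, user, info) {
    if (err) {
      // Keep the detail in the server log; the client only gets a generic message.
      console.log(err);
      return res.status(500).json({
        statusCode: 500,
        message: 'Auth failed',
        error: 'Server error'
      });
    }
    if (info) {
      // info may be a single object or a list of them; report only its message.
      const detail = Array.isArray(info) ? info[0] : info;
      return res.status(401).json({
        statusCode: 401,
        message: 'Auth failed',
        error: detail && detail.message ? detail.message : 'Unauthorized'
      });
    }
    if (!user) {
      return res.status(403).json({
        statusCode: 403,
        message: 'Auth failed',
        error: 'User not found'
      });
    }
    // Authenticated: issue the application's own token.
    const token = user.generateJwt();
    return res.status(200).json({
      id: user._id,
      name: user.name,
      email: user.email,
      token: token
    });
  })(req, res, next);
};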
// Unauthenticated endpoint: the client posts its Google token here to log in.
router.route('/googleLogin').post(controller.googleLogin);
我最终改用了 Google API Client Library,而不是 Passport 策略。这里验证的是客户端发来的 ID 令牌(并检查其 audience),而不是访问令牌:
const {OAuth2Client} = require('google-auth-library');
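// Client used to verify Google-issued ID tokens.
const client = new OAuth2Client(process.env.GOOGLE_CLIENT_ID);
// ID token sent by the front end; untrusted until verifyIdToken() accepts it.
const token = req.body.idtoken;

/**
 * Verifies the posted ID token and returns its payload.
 *
 * The original discarded the result, so the caller had no identity to act on;
 * the verified payload is now returned.
 *
 * @returns {Promise<object>} payload of the verified token
 * @throws {Error} if the token or the expected audience is missing, the token
 *   has no payload, or verifyIdToken() rejects
 */
async function verify() {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('Missing ID token');
  }
  // NOTE(review): the client above is built from GOOGLE_CLIENT_ID while the audience
  // comes from GOOGLE_APP_CLIENT_ID; confirm both variables are intended.
  const audience = process.env.GOOGLE_APP_CLIENT_ID;
  // Fail closed: without an expected audience the token cannot be tied to this app.
  if (!audience) {
    throw new Error('GOOGLE_APP_CLIENT_ID is not set');
  }
  const ticket = await client.verifyIdToken({
    idToken: token,
    audience: audience, // Specify the CLIENT_ID of the app that accesses the backend
    // Or, if multiple clients access the backend:
    //[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
  });
  const payload = ticket.getPayload();
  if (!payload) {
    throw new Error('ID token has no payload');
  }
  // Debug aid only: the payload holds personal data, so drop this log outside development.
  console.log('payload: ', payload);
  // payload['sub'] is the value the original read as the user id.
  // If request specified a G Suite domain:
  //const domain = payload['hd'];
  return payload;
}
verify().catch(console.error);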
我正在尝试使用 Passport-Google-Token 策略进行用户身份验证,做法与 Facebook 策略类似(后者工作正常)。但不知为何,即使所有参数看起来都配置正确,Google 身份验证也不返回任何信息,请求一直挂起。任何建议都将不胜感激。
const GoogleTokenStrategy = require('passport-google-token').Strategy;
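// Registers the 'googleToken' strategy. The verify callback receives the Google
// profile, looks the user up by email and creates the account on first login.
//
// NOTE(review): this strategy is handed an access token. Confirm that the token is
// checked as having been issued to THIS client ID; an access token on its own does
// not say which application it was minted for. Verifying an ID token against an
// expected audience is the stricter alternative.
passport.use('googleToken', new GoogleTokenStrategy(
  {
    clientID: process.env.GOOGLE_CLIENT_ID,
    clientSecret: process.env.GOOGLE_CLIENT_SECRET
  },
  /**
   * Passport verify callback.
   *
   * @param {string} accessToken - token supplied by the client (unused here)
   * @param {string} refreshToken - unused here
   * @param {object} profile - profile returned by the strategy
   * @param {Function} done - Passport completion callback; called exactly once
   */
  function(accessToken, refreshToken, profile, done) {
    // Debug aid only: the profile holds personal data, so drop this log outside development.
    console.log('profile google: ', profile);
    // NOTE(review): the flat field names below are kept from the original code. Many
    // Passport strategies return a normalized profile (emails[], name.givenName, ...);
    // confirm the real shape against the logged profile.
    const email = profile.email;
    const name = profile.name;
    const firstname = profile.given_name;
    const lastname = profile.family_name;

    // Fail closed: a missing email must never reach the query, where an undefined
    // filter value could match an unrelated account.
    if (typeof email !== 'string' || email.length === 0) {
      return done(null, false, {
        statusCode: 401,
        message: 'Auth failed',
        error: 'No email in Google profile'
      });
    }

    // NOTE(review): accounts are matched on email alone. Confirm the provider reports
    // the address as verified before treating it as proof of account ownership.
    //
    // The callback form is used on its own: the original also chained .catch() onto
    // the callback-style call, which mixes two completion styles for one query.
    User.findOne({ email: email }, function (err, user) {
      if (err) { return done(err); }

      // Existing account: finish here. The original fell through after starting the
      // save for a new user and called done(null, user) with no user, so done ran twice.
      if (user) { return done(null, user); }

      // First login: create the account, then report it.
      const newUser = new User({
        _id: new mongoose.Types.ObjectId(),
        name: name,
        firstname: firstname,
        lastname: lastname,
        email: email
      });
      // then(onOk, onFail) rather than then().catch(): an exception thrown inside
      // done() must not trigger a second done() call.
      return newUser.save().then(
        () => done(null, newUser),
        saveErr => {
          console.log(saveErr);
          return done(null, false, {
            statusCode: 500,
            message: 'Server error',
            error: saveErr.message
          });
        }
      );
    });
  }
));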
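/**
 * Route handler: authenticates the request with the 'googleToken' strategy and
 * answers with the user's id, name, email and a freshly generated JWT.
 *
 * Fixes over the original:
 *  - passport.authenticate() only builds a middleware; it is now invoked with
 *    (req, res, next). Without that call nothing ran and the request never finished.
 *  - the callback parameter was named `error` while the body read `err`.
 *  - internal errors answer 500 (not 404), and error objects are no longer
 *    serialized into the response body.
 *
 * @param {object} req - Express request
 * @param {object} res - Express response
 * @param {Function} next - Express next callback
 */
exports.googleLogin = (req, res, next) => {
  console.log('started google login');
  return passport.authenticate(['googleToken'], function(err, user, info) {
    if (err) {
      // Keep the detail in the server log; the client only gets a generic message.
      console.log(err);
      return res.status(500).json({
        statusCode: 500,
        message: 'Auth failed',
        error: 'Server error'
      });
    }
    if (info) {
      // info may be a single object or a list of them; report only its message.
      const detail = Array.isArray(info) ? info[0] : info;
      return res.status(401).json({
        statusCode: 401,
        message: 'Auth failed',
        error: detail && detail.message ? detail.message : 'Unauthorized'
      });
    }
    if (!user) {
      return res.status(403).json({
        statusCode: 403,
        message: 'Auth failed',
        error: 'User not found'
      });
    }
    // Authenticated: issue the application's own token.
    const token = user.generateJwt();
    return res.status(200).json({
      id: user._id,
      name: user.name,
      email: user.email,
      token: token
    });
  })(req, res, next);
};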
// Unauthenticated endpoint: the client posts its Google token here to log in.
router.route('/googleLogin').post(controller.googleLogin);
我最终改用了 Google API Client Library,而不是 Passport 策略。这里验证的是客户端发来的 ID 令牌(并检查其 audience),而不是访问令牌:
const {OAuth2Client} = require('google-auth-library');
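// Client used to verify Google-issued ID tokens.
const client = new OAuth2Client(process.env.GOOGLE_CLIENT_ID);
// ID token sent by the front end; untrusted until verifyIdToken() accepts it.
const token = req.body.idtoken;

/**
 * Verifies the posted ID token and returns its payload.
 *
 * The original discarded the result, so the caller had no identity to act on;
 * the verified payload is now returned.
 *
 * @returns {Promise<object>} payload of the verified token
 * @throws {Error} if the token or the expected audience is missing, the token
 *   has no payload, or verifyIdToken() rejects
 */
async function verify() {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('Missing ID token');
  }
  // NOTE(review): the client above is built from GOOGLE_CLIENT_ID while the audience
  // comes from GOOGLE_APP_CLIENT_ID; confirm both variables are intended.
  const audience = process.env.GOOGLE_APP_CLIENT_ID;
  // Fail closed: without an expected audience the token cannot be tied to this app.
  if (!audience) {
    throw new Error('GOOGLE_APP_CLIENT_ID is not set');
  }
  const ticket = await client.verifyIdToken({
    idToken: token,
    audience: audience, // Specify the CLIENT_ID of the app that accesses the backend
    // Or, if multiple clients access the backend:
    //[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
  });
  const payload = ticket.getPayload();
  if (!payload) {
    throw new Error('ID token has no payload');
  }
  // Debug aid only: the payload holds personal data, so drop this log outside development.
  console.log('payload: ', payload);
  // payload['sub'] is the value the original read as the user id.
  // If request specified a G Suite domain:
  //const domain = payload['hd'];
  return payload;
}
verify().catch(console.error);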