passport-google-openidconnect

0.0.4 • Public • Published

Passport-Google-OpenID Connect

Passport strategy for authenticating with Google OpenID Connect.

This module lets you authenticate using Google OpenID Connect in your Node.js applications. By plugging into Passport, Google OpenID Connect authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install passport-google-openidconnect

Usage for non Google+

Configure Strategy

The Google OpenIDConnect authentication strategy authenticates users using a Google account and OpenIDConnect tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

var StrategyGoogle = require('passport-google-openidconnect').Strategy;
passport.use(new StrategyGoogle({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback"
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'google-openidconnect' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/google',
  passport.authenticate('google-openidconnect'));

app.get('/auth/google/callback', 
  passport.authenticate('google-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Usage for Google+

Configure Strategy

The Google OpenIDConnect authentication strategy authenticates users using a Google account and OpenIDConnect tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

var StrategyGoogle = require('passport-google-openidconnect').Strategy;
passport.use(new StrategyGoogle({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback",
    userInfoURL: "https://www.googleapis.com/plus/v1/people/me"
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'google-openidconnect' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/google',
  passport.authenticate('google-openidconnect'));

app.get('/auth/google/callback', 
  passport.authenticate('google-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Extended Permissions(more scope)

If you need extended permissions from the user, the permissions can be requested via the scope option to passport.authenticate().

For example, this authorization requests permission to the user's statuses and checkins:

app.get('/auth/google',
  passport.authenticate('google-openidconnect', { scope: ['email', 'profile'] }));

You doesn't need to contain the scope of openid, added by this module automatically

Usage for non Google+ and only openid

Configure Strategy

The Google OpenIDConnect authentication strategy authenticates users using a Google account and OpenIDConnect tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

var StrategyGoogle = require('passport-google-openidconnect').Strategy;
passport.use(new StrategyGoogle({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback",
    skipUserProfile: true // doesn't fetch user profile
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'google-openidconnect' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/google',
  passport.authenticate('google-openidconnect'));

app.get('/auth/google/callback', 
  passport.authenticate('google-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Revoke AccessToken

For example, as route middleware in an Express application:

app.get('/auth/google/revoke', function(req, res, next) {
  var user_accessToken = FETCH_FROM_DB_OR_SESSION;
  var strategy = req._passport.instance._strategy('google-openidconnect');
  strategy.revoke( { accessToken: user_accessToken }, function(err, body, res) {
    next();
  });
});

Credits

License

The MIT License

Original work Copyright (c) 2011-2013 Jared Hanson <http://jaredhanson.net/>

Modified work Copyright (c) 2015 Kiyofumi Kondoh

Package Sidebar

Install

npm i passport-google-openidconnect

Weekly Downloads

21

Version

0.0.4

License

none

Last publish

Collaborators

  • kkkon