Oauth2 stream without redirect_uri

I am creating an Android / iOS application that communicates with the Node.js server and would like to safely identify them on my server using Google (and / or Facebook) and OAuth2. I looked at the following documentation: https://developers.google.com/+/web/signin/server-side-flow

I do not need authorization, I only need authentication (I just want to make sure that the person calling my Node.js service is the person they say they are). To achieve this, if I understand correctly, I must allow the user to log in using Google on the client side; this gives them an authorization code, which they can then give to my server. My server can then exchange this code for an access_token and, therefore, get information about the user. I then have a guarantee that the user is the person they say they are.

The Google documentation (link above) reads: "In the authorized redirect URI field, delete the default value. In this case, it is not used." However, in order for my server to exchange the authorization code for an access_token, it must provide a redirect_uri. Did I miss something?

For example, a redirect_uri is useless for Unity games (since logging in with Google simply opens a new "window" that closes when you log in, without any redirection).

TL;DR: How do you use OAuth2 to authenticate users between my client and my server without redirecting?

+7
5 answers

TL;DR: How do you use OAuth2 to authenticate users between my client and my server without redirecting?

. OAuth , (, , ), .

+4

? https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi

URI

Google Developers Console redirect_uris : urn:ietf:wg:oauth:2.0:oob http://localhost. , , , .

http://localhost

Google, - . Google Developers. URL-, -. , , . , .

+3

redirect_uri URL URL, . : URI ? iOS- OAuth2.0?. "", .

+1

, , "postmessage", Nepoxx .

.

  1. Follow steps 1-6 of: https://developers.google.com/identity/sign-in/web/server-side-flow
  2. Install googleapis: npm install --save googleapis
  3. Then:
    var googleapis = require('googleapis');
    var OAuth2 = googleapis.auth.OAuth2;

    // GOOGLE_SSO_CLIENT_ID / GOOGLE_SSO_CLIENT_SECRET are the values from your
    // Google Developers Console project; keep the secret server-side only.
    var oauth2Client = new OAuth2(
       GOOGLE_SSO_CLIENT_ID,
       GOOGLE_SSO_CLIENT_SECRET,
       'postmessage' // this is where you might otherwise specify a redirect_uri
    );

    // CODE_FROM_STEP_5_OF_INSTRUCTIONS is the one-time authorization code the
    // client obtained from Google sign-in and posted to your server.
    oauth2Client.getToken(CODE_FROM_STEP_5_OF_INSTRUCTIONS, function(err, tokens) {
       if (err) { return console.error('code exchange failed', err); }
       // Now tokens contains an access_token and an optional refresh_token. Save them.
    });
+1

And it will become really easy if you use VueJS with https://github.com/guruahn/vue-google-oauth2

Client side

import GAuth from 'vue-google-oauth2'

Vue.use(GAuth, {
    clientId: 'xxxxxxx.apps.googleusercontent.com',
    scope: 'profile',
})

// inside your component's methods:
async signWithGoogle() {
    const code = await this.$gAuth.getAuthCode()
    console.log(code) // { code: 'x/xxxxxxxxxx' }
    // send the code to your auth server
    // and retrieve a JWT or something to keep in localstorage
    // to send on every request and compare with database
}

Server side

import { google } from 'googleapis'

const oauth2Client = new google.auth.OAuth2(GOOGLE_ID, GOOGLE_SECRET, 'postmessage')

google.options({ auth: oauth2Client })

async function getAccount(code) {
    // the code you sent with the client
    const { tokens } = await oauth2Client.getToken(code)
    oauth2Client.setCredentials(tokens)
    const oauth2 = google.oauth2({ version: 'v2' })
    const { data: { id } } = await oauth2.userinfo.get()
    // there you have the id of the user to store it in the database
    // and send it back in a JWT
    return id
}
0
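Both of the answers above (the `googleapis` snippet using `'postmessage'` and the Vue/Node pair) stop at "now you have the tokens". What decides whether that login can be trusted is what the server checks on the `id_token` that comes back from the same code exchange. The following is an added example for this page, not code from any of the answers or from the googleapis project. It assumes the token's signature has already been verified by the library (for example `verifyIdToken` in google-auth-library) and shows the claim checks that tie a validly signed token to *this* deployment: `aud` must equal your own client ID, `iss` must be Google, and `exp`/`iat` must be current. `SAMPLE_CLIENT_ID` and the tokens built by `makeUnsignedJwt` are constructed placeholders so the code runs offline.

```javascript
// Added example (not from the question or any of the answers): claim checks a
// Node.js backend should run on the id_token returned by the 'postmessage'
// code exchange before treating the caller as logged in. Signature
// verification is assumed to have been done by the library already; these
// checks decide whether a validly signed token was issued *to this server*.

// Issuer values Google uses in id_tokens (both forms occur).
const GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];

// Decode the payload segment of a compact JWT. No signature check here.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Validate the claims that bind the token to this deployment.
// Returns { ok, problems, subject }; `subject` is Google's stable account id
// (`sub`), which is what to key the user table on: an email can change, sub cannot.
function checkIdTokenClaims(payload, opts) {
  const { clientId, now = Math.floor(Date.now() / 1000), skewSeconds = 60 } = opts;
  const problems = [];
  if (!GOOGLE_ISSUERS.includes(payload.iss)) {
    problems.push('iss: not issued by Google');
  }
  // aud must be *your* client ID: a genuine Google token minted for some
  // other app must not log anyone in here.
  if (payload.aud !== clientId) {
    problems.push('aud: token was issued to a different client');
  }
  if (typeof payload.exp !== 'number' || payload.exp + skewSeconds <= now) {
    problems.push('exp: token expired or missing');
  }
  if (typeof payload.iat === 'number' && payload.iat - skewSeconds > now) {
    problems.push('iat: token issued in the future');
  }
  if (typeof payload.sub !== 'string' || payload.sub === '') {
    problems.push('sub: missing subject');
  }
  const ok = problems.length === 0;
  return { ok, problems, subject: ok ? payload.sub : null };
}

// Constructed placeholder, not a real client ID.
const SAMPLE_CLIENT_ID = 'EXAMPLE_CLIENT_ID.apps.googleusercontent.com';

// Constructed helper for offline use: builds an unsigned JWT shape so the
// checks above can be exercised without Google. Real tokens are RS256-signed.
function makeUnsignedJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}

// What a login handler does after the library has verified the signature:
// decode, check claims, and hand back the subject to look up or create the user.
function loginFromIdToken(idToken, clientId, now) {
  const payload = decodeJwtPayload(idToken);
  return checkIdTokenClaims(payload, { clientId, now });
}

// Constructed sample tokens with a fixed clock so the demo is deterministic.
const DEMO_NOW = 1700000000;
const DEMO_TOKEN_FOR_US = makeUnsignedJwt({
  iss: 'https://accounts.google.com', aud: SAMPLE_CLIENT_ID, sub: '1234567890',
  iat: DEMO_NOW - 10, exp: DEMO_NOW + 3600,
});
const DEMO_TOKEN_FOR_OTHER_APP = makeUnsignedJwt({
  iss: 'https://accounts.google.com', aud: 'OTHER_APP.apps.googleusercontent.com',
  sub: '1234567890', iat: DEMO_NOW - 10, exp: DEMO_NOW + 3600,
});

function demo() {
  return {
    ours: loginFromIdToken(DEMO_TOKEN_FOR_US, SAMPLE_CLIENT_ID, DEMO_NOW),
    foreign: loginFromIdToken(DEMO_TOKEN_FOR_OTHER_APP, SAMPLE_CLIENT_ID, DEMO_NOW),
  };
}
```

`demo()` returns an accepted result for the token whose `aud` is our client ID and a rejection (`aud: token was issued to a different client`) for an otherwise identical token minted for another app. That second case is the one the "just exchange the code and read userinfo" approach does not cover by itself: a token that is genuinely from Google is not the same thing as a token that is for you.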

Source: https://habr.com/ru/post/1568065/