Skip to content

kkkon/passport-google-openidconnect

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

Passport-Google-OpenID Connect

Passport strategy for authenticating with Google OpenID Connect.

This module lets you authenticate using Google OpenID Connect in your Node.js applications. By plugging into Passport, Google OpenID Connect authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install passport-google-openidconnect

Usage for non Google+

Configure Strategy

The Google OpenIDConnect authentication strategy authenticates users using a Google account and OpenIDConnect tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

var StrategyGoogle = require('passport-google-openidconnect').Strategy;
passport.use(new StrategyGoogle({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback"
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'google-openidconnect' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/google',
  passport.authenticate('google-openidconnect'));

app.get('/auth/google/callback', 
  passport.authenticate('google-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Usage for Google+

Configure Strategy

The Google OpenIDConnect authentication strategy authenticates users using a Google account and OpenIDConnect tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

var StrategyGoogle = require('passport-google-openidconnect').Strategy;
passport.use(new StrategyGoogle({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback",
    userInfoURL: "https://www.googleapis.com/plus/v1/people/me"
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'google-openidconnect' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/google',
  passport.authenticate('google-openidconnect'));

app.get('/auth/google/callback', 
  passport.authenticate('google-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Extended Permissions(more scope)

If you need extended permissions from the user, the permissions can be requested via the scope option to passport.authenticate().

For example, this authorization requests permission to the user's statuses and checkins:

app.get('/auth/google',
  passport.authenticate('google-openidconnect', { scope: ['email', 'profile'] }));

You doesn't need to contain the scope of openid, added by this module automatically

Usage for non Google+ and only openid

Configure Strategy

The Google OpenIDConnect authentication strategy authenticates users using a Google account and OpenIDConnect tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

var StrategyGoogle = require('passport-google-openidconnect').Strategy;
passport.use(new StrategyGoogle({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback",
    skipUserProfile: true // doesn't fetch user profile
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'google-openidconnect' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/google',
  passport.authenticate('google-openidconnect'));

app.get('/auth/google/callback', 
  passport.authenticate('google-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Revoke AccessToken

For example, as route middleware in an Express application:

app.get('/auth/google/revoke', function(req, res, next) {
  var user_accessToken = FETCH_FROM_DB_OR_SESSION;
  var strategy = req._passport.instance._strategy('google-openidconnect');
  strategy.revoke( { accessToken: user_accessToken }, function(err, body, res) {
    next();
  });
});

Credits

License

The MIT License

Original work Copyright (c) 2011-2013 Jared Hanson <http://jaredhanson.net/>

Modified work Copyright (c) 2015 Kiyofumi Kondoh

About

Google OpenID Connect authentication strategy for Passport and Node.js.

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages

  • JavaScript 98.1%
  • Makefile 1.9%