oauthPoc

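'use strict';

/**
 * Minimal "Login with Google" proof of concept using the OAuth 2.0
 * authorization-code flow with OpenID Connect (`scope: openid email`).
 *
 * Flow: /login?type=google -> Google's authorization endpoint -> /callback
 * (code exchanged for tokens at the token endpoint) -> /account.
 *
 * Required environment (loaded from .env): SESSION_SECRET, AUTH_CLIENT_ID,
 * AUTH_CLIENT_SECRET.
 */
require('dotenv').config();
const crypto = require('crypto');
const express = require('express');
const session = require('express-session');
const querystring = require('querystring');
const jwt = require('jsonwebtoken');
const axios = require('axios');

// Fail fast on missing configuration instead of sending `client_id=undefined`
// to the provider or letting express-session throw on the first request.
for (const name of ['SESSION_SECRET', 'AUTH_CLIENT_ID', 'AUTH_CLIENT_SECRET']) {
  if (!process.env[name]) {
    throw new Error(`Missing required environment variable ${name}`);
  }
}

const app = express();
const port = 3000;

// Google's OAuth 2.0 authorization endpoint: the user is sent here first to
// grant authorization.
const authorizeURL = 'https://accounts.google.com/o/oauth2/v2/auth';
// Google's OpenID Connect token endpoint, where the code is exchanged for an
// access token and (because of the `openid` scope) an ID token.
const tokenURL = 'https://www.googleapis.com/oauth2/v4/token';
// Must be byte-identical in the authorization request and the token request,
// and must be registered with the provider for this client_id.
const redirectURI = 'http://localhost:3000/callback';
// Both forms appear in the `iss` claim of Google-issued ID tokens.
const googleIssuers = new Set(['https://accounts.google.com', 'accounts.google.com']);

/**
 * Constant-time string comparison for the OAuth `state` value, so a mismatch
 * does not leak how many leading characters matched.
 * @param {string} a
 * @param {string} b
 * @returns {boolean}
 */
const safeEqual = (a, b) => {
  const bufA = Buffer.from(a, 'utf8');
  const bufB = Buffer.from(b, 'utf8');
  return bufA.length === bufB.length && crypto.timingSafeEqual(bufA, bufB);
};

/**
 * Checks the ID-token claims this app relies on before trusting them.
 * The token arrived over TLS straight from the token endpoint, so its origin
 * is known, but issuer, audience and expiry must still be validated or a
 * token minted for a different client (or an expired one) would log a user in.
 * NOTE(review): the signature is NOT verified here (jwt.decode only parses);
 * verify it against Google's published JWKS before any non-demo use.
 * @param {object} claims - decoded ID-token payload
 * @returns {boolean} true when the claims are acceptable for login
 */
const validIdTokenClaims = (claims) => {
  const now = Math.floor(Date.now() / 1000);
  return googleIssuers.has(claims.iss)
    && claims.aud === process.env.AUTH_CLIENT_ID
    && typeof claims.exp === 'number' && claims.exp > now
    && typeof claims.sub === 'string' && claims.sub.length > 0;
};

/**
 * Express middleware: redirect to /login unless the session holds a validated
 * ID token.
 */
const requiresAuth = (req, res, next) => {
  if (!req.session.auth_jwt) {
    res.redirect('/login');
    return;
  }
  next();
};

app.set('view engine', 'pug');
// Trust the first proxy hop's X-Forwarded-* headers so `secure` cookies work
// when TLS is terminated in front of this app.
app.set('trust proxy', 1);
app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  // Only persist sessions that hold something (e.g. the OAuth state) rather
  // than minting a session cookie for every anonymous visitor.
  saveUninitialized: false,
  cookie: {
    httpOnly: true,
    // `lax` still sends the cookie on the provider's top-level GET redirect
    // back to /callback, which the state check there depends on.
    sameSite: 'lax',
    // Plain HTTP is only acceptable for this localhost proof of concept;
    // in production the session cookie must never travel over cleartext.
    secure: process.env.NODE_ENV === 'production',
  },
}));

app.get('/', (req, res) => {
  res.render('index.pug', {
    title: 'Home',
    message: 'Home',
  });
});

/**
 * Initial login page listing providers. With `?type=google` the user is
 * redirected to Google's authorization endpoint instead.
 */
app.get('/login', (req, res) => {
  if (req.query.type === 'google') {
    // Unguessable per-login value stored server-side and echoed back by the
    // provider. /callback rejects responses that do not carry it, which stops
    // an attacker from completing a login they initiated (login CSRF).
    // TODO(review): also consider PKCE (code_challenge) and an OIDC `nonce`.
    const state = crypto.randomBytes(32).toString('hex');
    req.session.oauth_state = state;
    const qs = querystring.stringify({
      response_type: 'code',
      client_id: process.env.AUTH_CLIENT_ID,
      redirect_uri: redirectURI,
      // `openid` turns this into authentication: an ID token (JWT) is
      // returned alongside the access token.
      scope: 'openid email',
      state,
    });
    res.redirect(`${authorizeURL}?${qs}`);
    return;
  }
  res.render('login.pug', {
    title: 'Login',
    message: 'Login',
  });
});

/**
 * Redirect target for the provider. Expects `code` and `state` query
 * parameters; exchanges the code for tokens, validates the ID token's
 * claims, then starts a fresh authenticated session.
 */
app.get('/callback', async (req, res, next) => {
  const { code, state } = req.query;
  const expectedState = req.session.oauth_state;
  // The state is single-use whatever the outcome below.
  delete req.session.oauth_state;

  // Missing/malformed code (including provider `error=` responses) just
  // restarts the login. Query values can be arrays, hence the type check.
  if (typeof code !== 'string' || code.length === 0) {
    res.redirect('/login');
    return;
  }
  if (typeof state !== 'string' || typeof expectedState !== 'string'
      || !safeEqual(state, expectedState)) {
    res.status(400).send('Invalid OAuth state');
    return;
  }

  // RFC 6749 §4.1.3: the token request is application/x-www-form-urlencoded.
  // A non-2xx response makes axios throw; hand that to Express's error
  // handler rather than leaving the request hanging on an unhandled rejection.
  let tokens;
  try {
    const response = await axios({
      method: 'post',
      url: tokenURL,
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      data: querystring.stringify({
        grant_type: 'authorization_code',
        client_id: process.env.AUTH_CLIENT_ID,
        client_secret: process.env.AUTH_CLIENT_SECRET,
        redirect_uri: redirectURI,
        code,
      }),
    });
    tokens = response.data;
  } catch (err) {
    next(err);
    return;
  }

  const { access_token: accessToken, id_token: idToken } = tokens;
  const claims = typeof idToken === 'string' ? jwt.decode(idToken) : null;
  if (!claims || !validIdTokenClaims(claims)) {
    res.status(401).send('Invalid ID token');
    return;
  }

  // Issue a new session ID on login so a session fixed before authentication
  // (e.g. a cookie planted by an attacker) does not become authenticated.
  req.session.regenerate((err) => {
    if (err) {
      next(err);
      return;
    }
    req.session.auth_jwt = claims;
    req.session.access_token = accessToken;
    res.redirect('/account');
  });
});

/**
 * Authenticated page showing the email from the ID token.
 */
app.get('/account', requiresAuth, (req, res) => {
  const { email, email_verified: emailVerified } = req.session.auth_jwt;
  res.render('account.pug', {
    email,
    // Google only asserts ownership of the address when email_verified is
    // true; do not key accounts on `email` unless this is true.
    emailVerified: emailVerified === true,
    title: 'Account',
    message: 'Account',
    name: 'No name',
  });
});

app.listen(port, () => console.log(`Example app listening on port ${port}!`));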