NodeJS & Express - Google OAuth2 using PassportJS
ฝัง
- เผยแพร่เมื่อ 26 ก.พ. 2021
- Learn how to protect your API routes using OAuth2 with Google as an identity provider.
We will be creating a REST API using NodeJS & Express. Then we will be protecting some API routes behind authentication. These routes will require the user to authenticate using OAuth2 with Google. We will be using PassportJS (www.passportjs.org/packages/pa....
Check out the code on Github: github.com/kriscfoster/node-g...
Don't forget to Subscribe here: / @krisfoster1 - วิทยาศาสตร์และเทคโนโลยี
Great video, have been struggling with this for the past few days, your the first one to tie in all the pieces, authentication, user session, and log out. Thank you good sir!
I have seen a lot and I am impressed by how you manage to get a confusing subject through and so consicely and simple to understand
Dude this is the best video I've ever seen about Google OAuth with passport you have no idea how many videos I watched to use Google OAuth with passport a big thank you from Brazil
Really amazing tutorial, actually the only one where I understood what each part of the code was doing.
Such a lack of videos explaining this topic , thank you man !
one of the best code tutorials I've ever watched. Clear, concise and simple. Fantastic video 👏
Thank you for the kind words!
@@KrisFoster1 hey Kris! sorry I sent you a question on twitter. How can I send the user object to the client? thank you!
try this one: th-cam.com/video/5WehZTrgG8o/w-d-xo.html
Yeah I agree
Absolutely, straight to the point and no waste of time
This video was full of value. I was able to complete it, but even better, I was able to complete it, and now I feel comfortable with utilizing passport/google-oauth2 in my projects moving forward.
Had to comment.
Went from never working with passport or Oauth to implementing 5 different types of login on my test app. Amazing tutorial.
That's great to hear @Dev Dev Goose. Well done!
Damn 🙄
it helped me bro, always keep your tutorials as clear as this!!!
To the point, goes step by step. Well done!
Most helpful video I found about OAuth2 with Node.
Thank you
Other than him, no one was helpful to me for this particular problem, Thanks Man 👍
Simplest Code and Simplest explanation. awesome
Great video. Short and precise . Thanks alot
Thanks for this simple but clear video.
Glad you enjoyed!
Thanks bro for the detailed explanation. It was a great help
Your explanation is awesome dude thankyou very much for the knowledge ❤
You're the best explain for this mate.
Yo mate, great video.
Do you know if there is a way to get rid off the "#" at the end of the route?
I mean, redirecting without the slash sign at the end.
Ty!
a very big big thanks to you sir for giving such an amazing explanation.............!!!!!!!!!!
Maybe you will like this also so much simpler: th-cam.com/video/5WehZTrgG8o/w-d-xo.html
This is such a great tutorial Mr Kris
I can retrieve the email displayName with no problem, but how do I know the other Function? Like Retrieve the photo profile or other information?
I hope you see my question here, Cheers to you!
Thank you, this helped me a lot
Thank you so clear explaining
Thanks for your sharing. great tutorial.
Thanks Kris for this video
Subscribed!
Hey, what if I wanted to return a token instead of a session id?
Was so confused with Google Auth, Thank you so much for this wonderful tut
the best work bro, thanks a lot...
can we somehow edit this page with some better style? Like an Logout button on the top right corner and some general design instead of the white page?
Great video, made it so easy. Tnx
Thank you for the kind feedback & glad you enjoyed!
So, will the Node.js application use the email address as some Primary Key in the database to identify a user?
best tutorial 2021
Good video! Thanks for sharing!
Wil you try this: th-cam.com/video/5WehZTrgG8o/w-d-xo.html
Do you know how I can use this same session in my google extension, so that it automatically logs in the user to my extension?
is cookie saved in browser in case of token based authentication, i can't find cookie in my browser although when i am am using cookie based authentication , then only i can see cookie saved in my browser??
how do we use(logIn with google) password js with express js in react native
Excellent tutorial 👍🏽
So no DB to save the session?
Below seems to work for logout needing a funcion issue in latest version of express.
app.get('/logout', (req, res, next) => {
req.logout(function (err) {
if (err) {
return next(err);
}
// if you're using express-flash
// res.flash('success_msg', 'session terminated');
res.redirect('/');
});
});
very important comment here, thank you! kris foster should pin this!!!
Yes req.logout() needs a callback
bro if we login again after logged out ,then popup window did not appear ,why ?
Great tutorial video😀😀
help, I get an error of type TokenError: client_secret is missing
Cannot GET /auth/google/callback getting this error
Thanks for the tutorial
Hi Kris. How can we send to mongodb? Thanks
InternalOAuthError: Failed to obtain access token
why am i getting this?
Thank you so much!!!
You used your personal client google id, but how to get it from the user when he hit use button authenticate with Google on my website ?
This is simpler: th-cam.com/video/5WehZTrgG8o/w-d-xo.html
When I click my auth link it just spins.
2017 style express, niiiiice
the best video I’ve ever seen👍
It works from browser, but I can't get it working from postman. Even after getting the access token and adding it to authorization header. Can anyone help?
As you have to use your google account which is supposedly the logged in google account in your browser but not in postman. That's the reason its not working in the postman
Hey kris thanks a lot man
great job! Thank you very much for the content ^^
A query, what is the difference between oauth2 and oauth20?
- Passport-google-oauth20
- Passport strategy for Google OAuth 2.0
Thank you so much for everything!
It's the same. It's 2.0 but abbreviated to 20
I love you for this.
Thank you, glad you enjoyed!
But show req.user=undefined
15:08 What do you mean when you said we need to allow the user to be sent as part of the request? I don't really get it.
And how does express-session solve this?
Express-session allows to create a session (req.session object) and can store the session into a database. To store a session where an user is authenticated, Passport comes into play, it's Passport with the serializeUser function that saves inside the session created by Express-session, a property => passport: {user: id} and then Express-session can store the session + the authenticated user inside a db and the server send an http response with the header set-cookie and now the browser saves the cookie and the user is authenticated. If you want to undersand how it works in details, watch the local authentication with Passport here (the first 3 hours) th-cam.com/video/F-sFp_AvHc8/w-d-xo.html.
@@artax5005 Wow this helps, thank you so much
Question: why do you need to serialize or deserialize user data? stated at 8:47? Thanks
I haven't watched this vid yet but serialize means you are making cookie and deserialize means extracting data from that session cookie. The result of the serializeUser method is attached to the session as req.session.passport.user = {}.
I know this is 2 years old but just leaving it for someone here who is also curious,
the serialization defines how you want to attach the user data to the session, for instance if you wanted to filter the user data to like 3 attributes in you would define 'done' inside the serialization method as:
```
passport.serializeUser((user, done) => {
done(null, {
id: user.id,
email: user.email,
cover: user.cover
});
});
```
this reduces the size of your session data by excluding unecessary fields
in the video for the sake of simplicity the guy just attached the entire payload
your deserializeUser function would just assign the data in req.session.passport.user to req.user to make it easier for use
totally worth it 🔥🔥
nice tutorial !!.😁
Well done
10:21 The silence here killed me lol
thx man
saved me
you are grate
i cant get it to work with private ip, how did you do that?.. google just blocks my request.
make sure you assign test accounts to OAuth consent screen in google cloud platform, if your application is still in testing and not production it may only allow test account access
Great video.
does this work in react ?
react works well with express, yes
man you are awesome
Thanks man
Bro can you mentor me a little over discord? I am self taught. Just learnt mongoose node and express.
20:04, I am still unable to login..
got it, had to change the callbackURL to not include auth
does anyone elses logout not work?
I solved the logout problem with this :
app.get("/logout", (req, res) => {
req.logout(req.user, err => {
if(err) return next(err);
res.redirect("/");
});
});
11:09 my nodemon keeps crashing for whatever reason. It doesn't like the passport.authenticate line
forgot to add const passport
gracias bb
th-cam.com/video/5WehZTrgG8o/w-d-xo.html
this video is strangely high fps
ummmm, hello brother. Sorry i just have a small critic for you but its ok, its a good video. But you don't need to copy paste the code. You need to code it from scratch so i can understand step by step.
I just followed this and it was great but when it was time for the logout I had issues with just *req.logout();* and *req.session.destroy();*
As of 7/23 this worked instead
req.logout((err) => {
if (err) { res.send(err); }
else { req.session.destroy((err) => {
if (err) { res.send(err); }
else { res.send('Logging out...'); }
});
}
});
Thanks a lot!
I solved the logout problem with this :
app.get("/logout", (req, res) => {
req.logout(req.user, err => {
if(err) return next(err);
res.redirect("/");
});
});