NodeJS & Express - Google OAuth2 using PassportJS
- Published on 9 Feb 2025
- Learn how to protect your API routes using OAuth2 with Google as an identity provider.
We will be creating a REST API using NodeJS & Express. Then we will be protecting some API routes behind authentication. These routes will require the user to authenticate using OAuth2 with Google. We will be using PassportJS (www.passportjs.....
Check out the code on Github: github.com/kri...
Don't forget to Subscribe here: / @krisfoster1
Dude this is the best video I've ever seen about Google OAuth with passport you have no idea how many videos I watched to use Google OAuth with passport a big thank you from Brazil
one of the best code tutorials I've ever watched. Clear, concise and simple. Fantastic video 👏
Thank you for the kind words!
@KrisFoster1 hey Kris! sorry I sent you a question on twitter. How can I send the user object to the client? thank you!
try this one: th-cam.com/video/5WehZTrgG8o/w-d-xo.html
Yeah I agree
Absolutely, straight to the point and no waste of time
Had to comment.
Went from never working with passport or Oauth to implementing 5 different types of login on my test app. Amazing tutorial.
That's great to hear @Dev Dev Goose. Well done!
Damn 🙄
Such a lack of videos explaining this topic , thank you man !
To the point, goes step by step. Well done!
I have seen a lot and I am impressed by how you manage to get a confusing subject through so concisely and simple to understand
Great video, have been struggling with this for the past few days, you're the first one to tie in all the pieces, authentication, user session, and log out. Thank you good sir!
Other than him, no one was helpful to me for this particular problem, Thanks Man 👍
This video was full of value. I was able to complete it, but even better, I was able to complete it, and now I feel comfortable with utilizing passport/google-oauth2 in my projects moving forward.
Really amazing tutorial, actually the only one where I understood what each part of the code was doing.
it helped me bro, always keep your tutorials as clear as this!!!
Concise, precise, and the code is wise! Thank you for the tutorial.
I'm kind of late to watch this. But this was super helpful. Thank you so much!
Simplest Code and Simplest explanation. awesome
Most helpful video I found about OAuth2 with Node.
Thank you
You are one of the best Tutor.
Thanks for this simple but clear video.
Glad you enjoyed!
Great video. Short and precise. Thanks a lot
10:21 The silence here killed me lol
You're the best explain for this mate.
Was so confused with Google Auth, Thank you so much for this wonderful tut
a very big big thanks to you sir for giving such an amazing explanation.............!!!!!!!!!!
Maybe you will like this also so much simpler: th-cam.com/video/5WehZTrgG8o/w-d-xo.html
Your explanation is awesome dude thank you very much for the knowledge ❤
Thank you, this helped me a lot
Very helpful video it is short and suit ❤❤🎉
the best video I’ve ever seen👍
I used your code, but did not get a refresh token. I tried the option access_type: 'offline', but still it is not giving a refresh token. Could you please tell me how I can get the refresh token? It would be helpful if you could make a video on it. The solution is not present on internet.
Thanks bro for the detailed explanation. It was a great help
Do you know how I can use this same session in my google extension, so that it automatically logs in the user to my extension?
Great video, made it so easy. Tnx
Thank you for the kind feedback & glad you enjoyed!
the best work bro, thanks a lot...
Good video! Thanks for sharing!
Will you try this: th-cam.com/video/5WehZTrgG8o/w-d-xo.html
Thanks Kris for this video
Any tips on how to do this using the architecture Route/Controller/Service
totally worth it 🔥🔥
Thank you so clear explaining
So, will the Node.js application use the email address as some Primary Key in the database to identify a user?
Is a cookie saved in the browser in case of token based authentication? I can't find a cookie in my browser, although when I am using cookie based authentication, then only I can see a cookie saved in my browser??
You used your personal client google id, but how to get it from the user when he hit use button authenticate with Google on my website ?
This is simpler: th-cam.com/video/5WehZTrgG8o/w-d-xo.html
Excellent tutorial 👍🏽
15:08 What do you mean when you said we need to allow the user to be sent as part of the request? I don't really get it.
And how does express-session solve this?
Express-session allows you to create a session (req.session object) and can store the session in a database. To store a session where a user is authenticated, Passport comes into play: it's Passport, with the serializeUser function, that saves inside the session created by Express-session a property => passport: {user: id}, and then Express-session can store the session + the authenticated user inside a db, and the server sends an http response with the header set-cookie, and now the browser saves the cookie and the user is authenticated. If you want to understand how it works in detail, watch the local authentication with Passport here (the first 3 hours) th-cam.com/video/F-sFp_AvHc8/w-d-xo.html.
@artax5005 Wow this helps, thank you so much
great tutorial thank you!
best tutorial 2021
Great tutorial video😀😀
Thanks for the tutorial
Question: why do you need to serialize or deserialize user data? stated at 8:47? Thanks
I haven't watched this vid yet but serialize means you are making cookie and deserialize means extracting data from that session cookie. The result of the serializeUser method is attached to the session as req.session.passport.user = {}.
I know this is 2 years old but just leaving it for someone here who is also curious,
the serialization defines how you want to attach the user data to the session, for instance if you wanted to filter the user data to like 3 attributes you would define 'done' inside the serialization method as:
```
passport.serializeUser((user, done) => {
  done(null, {
    id: user.id,
    email: user.email,
    cover: user.cover
  });
});
```
this reduces the size of your session data by excluding unnecessary fields
in the video for the sake of simplicity the guy just attached the entire payload
your deserializeUser function would just assign the data in req.session.passport.user to req.user to make it easier for use
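The session flow described in the comments above (serializeUser writes into the session, deserializeUser rebuilds req.user, logout ends the session), as an added example that is not from the video, from any commenter, or from Passport's source. It is a dependency-free model: the `sessions` and `users` maps, the sample record and all function bodies are assumptions made for illustration.

```javascript
// Added example: a dependency-free model of the session flow discussed above.
// It is NOT Passport's or express-session's code; all names are illustrative.
const crypto = require('crypto');

const sessions = new Map();   // server-side session store: sid -> session data
const users = new Map([       // constructed sample user record
  ['g-1001', { id: 'g-1001', email: 'alice@example.com', accessToken: 'constructed-token' }],
]);

// Keep only a stable identifier in the session, not the whole profile or tokens.
const serializeUser = (user) => user.id;
// Re-load the record on every request so deleted accounts stop working.
const deserializeUser = (id) => users.get(id) || null;

// After a successful OAuth callback: fresh random session id, minimal payload.
function login(user) {
  const sid = crypto.randomBytes(16).toString('hex'); // value carried by the cookie
  sessions.set(sid, { passport: { user: serializeUser(user) } });
  return sid;
}

// Per-request step: map the cookie's sid back to a user object (or null).
function authenticate(sid) {
  const session = sessions.get(sid);
  if (!session || !session.passport) return null;
  return deserializeUser(session.passport.user);
}

// Logout: delete the server-side session so the old cookie value is useless.
function logout(sid) {
  return sessions.delete(sid);
}

function demo() {
  const sid = login(users.get('g-1001'));
  const stored = JSON.stringify(sessions.get(sid)); // what the store actually holds
  const during = authenticate(sid);
  logout(sid);
  return { stored, email: during.email, afterLogout: authenticate(sid) };
}
console.log(demo());
```

Storing only the id keeps access tokens and profile data out of the session store, and the lookup in `deserializeUser` is the point where a removed account gets rejected even though its cookie is still valid.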
I love you for this.
Thank you, glad you enjoyed!
bro if we login again after logged out ,then popup window did not appear ,why ?
Below seems to work for logout needing a function issue in latest version of express.
```
app.get('/logout', (req, res, next) => {
  req.logout(function (err) {
    if (err) {
      return next(err);
    }
    // if you're using express-flash
    // res.flash('success_msg', 'session terminated');
    res.redirect('/');
  });
});
```
very important comment here, thank you! kris foster should pin this!!!
Yes req.logout() needs a callback
Thanks kris for this wonderful video and awesome explanation .
I am watching this video in 2k24 but I am getting one problem after selecting my email account for sign in I am getting "This site can not provide a secure connection". Can anyone help me pls ..
can we somehow edit this page with some better style? Like an Logout button on the top right corner and some general design instead of the white page?
Subscribed!
Hey, what if I wanted to return a token instead of a session id?
Thanks for your sharing. great tutorial.
Yo mate, great video.
Do you know if there is a way to get rid off the "#" at the end of the route?
I mean, redirecting without the slash sign at the end.
Ty!
SO GOOD ❤
nice tutorial !!.😁
Great video.
Thank you so much!!!
Hey kris thanks a lot man
So no DB to save the session?
how do we use(logIn with google) password js with express js in react native
Cannot GET /auth/google/callback getting this error
I just followed this and it was great but when it was time for the logout I had issues with just *req.logout();* and *req.session.destroy();*
As of 7/23 this worked instead
```
req.logout((err) => {
  if (err) { res.send(err); }
  else {
    req.session.destroy((err) => {
      if (err) { res.send(err); }
      else { res.send('Logging out...'); }
    });
  }
});
```
Thanks a lot!
This is such a great tutorial Mr Kris
I can retrieve the email displayName with no problem, but how do I know the other Function? Like Retrieve the photo profile or other information?
I hope you see my question here, Cheers to you!
InternalOAuthError: Failed to obtain access token
why am i getting this?
i cant get it to work with private ip, how did you do that?.. google just blocks my request.
make sure you assign test accounts to OAuth consent screen in google cloud platform, if your application is still in testing and not production it may only allow test account access
2017 style express, niiiiice
help, I get an error of type TokenError: client_secret is missing
It works from browser, but I can't get it working from postman. Even after getting the access token and adding it to authorization header. Can anyone help?
As you have to use your google account which is supposedly the logged in google account in your browser but not in postman. That's the reason it's not working in the postman
thx man
saved me
Hi Kris. How can we send to mongodb? Thanks
man you are awesome
Bro!! Thank you..
great job! Thank you very much for the content ^^
A query, what is the difference between oauth2 and oauth20?
- Passport-google-oauth20
- Passport strategy for Google OAuth 2.0
Thank you so much for everything!
It's the same. It's 2.0 but abbreviated to 20
When I click my auth link it just spins.
Well done
20:04, I am still unable to login..
got it, had to change the callbackURL to not include auth
you are great
Thanks man
But show req.user=undefined
Bro can you mentor me a little over discord? I am self taught. Just learnt mongoose node and express.
does this work in react ?
react works well with express, yes
11:09 my nodemon keeps crashing for whatever reason. It doesn't like the passport.authenticate line
forgot to add const passport
👌
thankyou
does anyone else's logout not work?
I solved the logout problem with this :
```
// next must be declared as a handler parameter for next(err) to be defined
app.get("/logout", (req, res, next) => {
  req.logout(req.user, err => {
    if (err) return next(err);
    res.redirect("/");
  });
});
```
this video is strangely high fps
gracias bb
th-cam.com/video/5WehZTrgG8o/w-d-xo.html
ummmm, hello brother. Sorry i just have a small critic for you but its ok, its a good video. But you don't need to copy paste the code. You need to code it from scratch so i can understand step by step.
Bro u need to stop doing that sound with ur mouth!!!!!!!!!!!