0

I'm trying to implement Google OAuth2 for an Android client. I send an empty GET request for Google login and receive some token. I can't understand why this is happening. I used my web client ID and secret from the developer console.

Here is my code:

var passport = require('passport');
var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;

passport.use(new GoogleStrategy({
    clientID: 'MY CLIENT ID',
    clientSecret: 'MY SECRET',
    callbackURL: "http://mysite.io/account/googleLogin/callback"
  },
  function(accessToken, refreshToken, profile, cb) {
    // Verify callback: runs after Google redirects back with an authorization code.
    console.log("collection findOrCreate");
    console.log("accessToken " + accessToken);
    console.log("createIndex " + profile.id);
    // Hand the profile to passport so the request can complete.
    return cb(null, profile);
  }
));

// Starts the browser redirect flow to Google's consent page.
app.get('/googleLogin',
  passport.authenticate('google', { scope: ['profile'] }));

app.get('/googleLogin/callback',
  passport.authenticate('google', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    console.log("Google Login Success!");
    res.redirect('/');
  });

Logs:

accessToken ya29.tAI7uCiN-JFKWflq4Wm6xbyQjk1S-qdlB6Ks6GTHnNzzr0N_jz8rUVPZLVlvi4aIkF6SGvw

createIndex 102114909694672049994

When I send it with a body, the effect is the same.

GET http://mysite.io/account/googleLogin/

{ "idToken": "sometoken" }
Kappa
zkvarz

1 Answer

0

I've found a different approach. First, this part:

router.get('/googleLogin', passport.authenticate('google', { scope : ['profile', 'email'] }));

redirects the user to the Google authorization page, after success of which the callback method is called. It's not what I need, because I already have a token on the Android side.

For an Android client, one of the ways is to manually check whether the Google tokenId is valid or not by sending a request to the Google API. Implementing this part from the official source solved my problem: https://developers.google.com/identity/sign-in/android/backend-auth#verify-the-integrity-of-the-id-token

zkvarz