passport-google-auth
v1.0.2
Published
Google (OAuth2) authentication strategy for Passport and Node.js.
Downloads
2,071
Readme
Passport-Google-Auth
Passport strategies for authenticating with Google using OAuth 2.0.
Lead Maintainer: David Pate
This module lets you authenticate using Google in your Node.js applications. By plugging into Passport, Google authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
Install
npm install passport-google-auth
Usage
Configure Strategy
The Google authentication strategy authenticates users using a Google
account and OAuth 2.0 tokens. The strategy requires a verify
callback, which
accepts these credentials and calls done
providing a user, as well as
options
specifying a client ID, client secret, and callback URL.
var passport = require('passport'),
GoogleStrategy = require('passport-google-auth').Strategy;
passport.use(new GoogleOAuth2Strategy({
clientId: '123-456-789',
clientSecret: 'shhh-its-a-secret',
callbackURL: 'https://www.example.com/auth/example/callback'
},
function(accessToken, refreshToken, profile, done) {
User.findOrCreate(..., function (err, user) {
done(err, user);
});
}
));
If the passReqToCallback
options is passed and it is true, then the verify
callback signature
will look like the following instead.
var passport = require('passport'),
GoogleStrategy = require('passport-google-auth').Strategy;
passport.use(new GoogleOAuth2Strategy({
clientId: '123-456-789',
clientSecret: 'shhh-its-a-secret',
callbackURL: 'https://www.example.com/auth/example/callback'
},
function(req, accessToken, refreshToken, profile, done) {
User.findOrCreate(..., function (err, user) {
done(err, user);
});
}
));
Options
The Strategy
can be configured with the following options.
clientId
String
identifies the client to the service provider RequiredclientSecret
String
secret used to establish ownershup of the client identifier RequiredcallbackURL
String
URL to which the service provider will redirect the user after obtaining authorization. RequiredaccessType
String
Type of access to be requested from the service provider. Can beonline
(default) oroffline
(gets refresh_token) Optionalscope
String
orArray
representing the permission scopes to request access to. (default:https://www.googleapis.com/auth/userinfo.email
) OptionalskipUserProfile
Boolean
If set to false, profile information will be retrieved from Google+. (default:true
) OptionalpassReqToCallback
Boolean
Whentrue
,req
is the first argument to the verify callback (default:false
)
Authenticate Requests
Use passport.authenticate()
, specifying the 'google'
strategy, to
authenticate requests.
For example, as route middleware in an Express application:
var express = require('express'),
app = express();
app.get('/login', passport.authenticate('google'));
app.get('/auth/callback/google',
passport.authenticate('google', { failureRedirect: '/login' }),
function(req, res) {
// Successful authentication, redirect to your app.
res.redirect('/');
}
);
Testing
This repository uses Mocha as its test runner. Tests can be run by executing the following command:
npm test
This will run all tests and report on their success/failure in the console, additionally it will include our Code Coverage.
Code Coverage
This repository uses Istanbul as its code coverage tool. Code Coverage will be calculated when executing the following command:
npm test
This will report the Code Coverage to the console similar to the following:
=============================== Coverage summary ===============================
Statements : 78.07% ( 356/456 )
Branches : 50.23% ( 107/213 )
Functions : 74.77% ( 83/111 )
Lines : 78.07% ( 356/456 )
================================================================================
Additionally, an interactive HTML report will be generated in ./coverage/lcov-report/index.html
which allows browsing the coverage by file.
Code Style
This repository uses JSHint for static analysis, JavaScript Code Style for validating code style, JSInspect to detect code duplication, Buddy.js to detect the use of Magic Numbers, and Node Security Project for detecting potential security threats with our dependencies. Code inspections are run as part of standard testing, to re-evaluate them simply run:
npm test
License
Copyright
Copyright (c) 2014 Riptide Software Inc.