npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

passport-google-web

v1.1.0

Published

"A simple implementation of 'Google Sign-In for Websites'."

Downloads

95

Readme

Passport Strategy for "Google Sign-In for Websites"

This is a very simple implementation of the backend portion of the "Google Sign-In for Websites" authentication flow. It's very easy to set up and the code is very simple. It also has no dependencies, other than passport itself.

Usage

Create a Google API Console project

Before using passport-google-web, you will need to create a Google API Console project. In the project, you create a client ID, which you will need to call the sign-in API.

Configure the client side

Load the Google Platform Library

You must include the Google Platform Library on your web pages that integrate Google Sign-In.

<script src="https://apis.google.com/js/platform.js" async defer></script>

Specify your app's client ID

Specify the client ID you created for your app in the Google Developers Console with the google-signin-client_id meta element.

<meta name="google-signin-client_id" content="YOUR_CLIENT_ID.apps.googleusercontent.com">

Add a Google Sign-In button

The easiest way to add a Google Sign-In button to your site is to use an automatically rendered sign-in button. With only a few lines of code, you can add a button that automatically configures itself to have the appropriate text, logo, and colors for the sign-in state of the user and the scopes you request.

<div class="g-signin2" data-onsuccess="onSignIn"></div>

Send the ID token to your server

After a user successfully signs in, get the user's ID token:

function onSignIn(googleUser) {
  var id_token = googleUser.getAuthResponse().id_token;
  ...
}

Then, send the ID token to your server with an HTTPS POST request:

var xhr = new XMLHttpRequest();
xhr.open('POST', 'https://yourbackend.example.com/tokensignin');
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xhr.onload = function() {
  console.log('Signed in as: ' + xhr.responseText);
};
xhr.send('idToken=' + idToken);

Example

Here is an example of the client setup:


<html lang="en">
	<head>
		<meta name="google-signin-scope" content="profile email">
		<meta name="google-signin-client_id" content="YOUR_CLIENT_ID.apps.googleusercontent.com">
		<script src="https://apis.google.com/js/platform.js" async defer></script>
	</head>
	<body>
		<!-- The sign-in button -->
		<div class="g-signin2" data-onsuccess="onSignIn" data-theme="dark"></div>
		<!-- Sign-in script -->
		<script>
			function onSignIn(googleUser)
			{
				// Retrieve the id_token
				const idToken = googleUser.getAuthResponse().id_token;

				// Send it as a post to the backend server
				const xhr = new XMLHttpRequest();
				xhr.open('POST', 'https://yourbackend.example.com/tokensignin');
				xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
				xhr.onload = function ()
				{
					console.log('Signed in as: ' + xhr.responseText);
				};
				xhr.send('idToken=' + idToken);
			}
		</script>
	</body>
</html>

Configure Strategy

The passport-google-web strategy uses a simplified OAuth 2.0 flow, designed to be very easy to implement. Once the client side callback sends the idToken to the backend, the authentication is already complete. All that is required is for the backend to validate the token, to ensure it's not being forged. As such, there's every little required of the strategy, and no configuration options required.

var GoogleStrategy = require('passport-google-web');

passport.use(new GoogleStrategy(function(token, profile, done) {
    User.findOrCreate({ googleId: profile.id }, function(err, user) {
      return cb(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the google-signin strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.post('/auth/google', passport.authenticate('google-signin'), function(req, resp)
{
	resp.json(req.user);
});

License

The MIT License