DEV Community: MwariaMa The latest articles on DEV Community by MwariaMa (@dennis_kimani_6bf5f37ba9e). https://dev.to/dennis_kimani_6bf5f37ba9e https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2957674%2F865a7604-2ddb-4c58-b0e5-a66de5569c63.png DEV Community: MwariaMa https://dev.to/dennis_kimani_6bf5f37ba9e en [Boost] MwariaMa Sun, 06 Apr 2025 19:51:48 +0000 https://dev.to/dennis_kimani_6bf5f37ba9e/-442f https://dev.to/dennis_kimani_6bf5f37ba9e/-442f <div class="ltag__link"> <a href="/dennis_kimani_6bf5f37ba9e" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2957674%2F865a7604-2ddb-4c58-b0e5-a66de5569c63.png" alt="dennis_kimani_6bf5f37ba9e"> </div> </a> <a href="https://dev.to/dennis_kimani_6bf5f37ba9e/oauth2-using-google-auth-nodejs-vuejs-520l" class="ltag__link__link"> <div class="ltag__link__content"> <h2>OAuth2 using Google Auth - Node.Js, VueJs</h2> <h3>MwariaMa ・ Apr 6</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#node</span> <span class="ltag__link__tag">#frontend</span> <span class="ltag__link__tag">#api</span> </div> </div> </a> </div> node frontend api OAuth2 using Google Auth - Node.Js, VueJs MwariaMa Sun, 06 Apr 2025 19:46:03 +0000 https://dev.to/dennis_kimani_6bf5f37ba9e/oauth2-using-google-auth-nodejs-vuejs-520l https://dev.to/dennis_kimani_6bf5f37ba9e/oauth2-using-google-auth-nodejs-vuejs-520l <h2> Introduction </h2> <p>Bonjour! Welcome to the first article in the series: <u>"OAuth2 Authentication for APIs"</u>. Our starting point is integrating Google OAuth2 with a Vue.js frontend and a Node.js backend. The end goal of this series is to create a modular authentication system that can support multiple providers.</p> <h2> What is OAuth2? </h2> <p>Rather than reinvent the wheel, here are some excellent resources that cover OAuth2 in detail:</p> <ul> <li><a href="https://auth0.com/intro-to-iam/what-is-oauth-2" rel="noopener noreferrer">What is OAuth 2.0?</a></li> </ul> <p>Thus, these are the main concepts:</p> <ul> <li> <strong><em>Client</em></strong>: The frontend application that wants access to user data from Google.</li> <li> <strong><em>Backend Engine</em></strong>: This is the server-side application that has all the business logic.</li> <li> <strong><em>Authorization Server</em></strong>: This is a google server that issues access and a refresh token to the Client application.</li> <li> <strong><em>Resource server</em></strong>: This is google server that validates whether an access token is valid.</li> </ul> <h3> OAuth2 Flow Overview </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmkw3zdstkj8du673w10j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmkw3zdstkj8du673w10j.png" alt="Image description" width="292" height="300"></a><br> From the image above, view the following steps:</p> <ol> <li>The frontend requests Google login.</li> <li>User is redirected to Google to log in.</li> <li>Google returns an authorization code.</li> <li>Frontend sends the code to the backend.</li> <li>Backend exchanges the code for tokens.</li> <li>Backend verifies the ID token and extracts user info.</li> <li>Backend issues its own JWT to the frontend.</li> <li>Frontend stores JWT for API calls.</li> <li>Backend handles access token refresh when needed.</li> </ol> <p>The following are the steps I performed to make this project a success:</p> <ul> <li>Create a Google client ID and client secret.</li> <li>Create a Frontend client</li> <li>Create a backend application</li> <li>Connecting everything</li> </ul> <h2> Configuration on Google Cloud Console 🧱 </h2> <ol> <li>Sign in to <a href="https://cloud.google.com" rel="noopener noreferrer">Google Cloud Console</a> </li> <li>Navigate to <em>*<em>API &amp; Services &gt; Credentials &gt; Create credentials &gt; OAuth Client ID *</em></em> to create a new application.</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft44mp1w8ve0de8r0dz0t.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft44mp1w8ve0de8r0dz0t.png" alt="Image description" width="722" height="173"></a></p> <ol> <li>Specify: <ul> <li> <strong>Application type</strong>: Web Application.</li> <li> <strong>Application name</strong>: Sample_Application</li> <li> <strong>Authorised JavaScript origins</strong> <em>(which is the domain of your web application)</em>: <a href="http://localhost:5173" rel="noopener noreferrer">http://localhost:5173</a> </li> <li> <strong>Authorised redirect URIs</strong> _(which is the path to be used when a user authenticates with Google.): <a href="http://localhost:5173/auth/callback" rel="noopener noreferrer">http://localhost:5173/auth/callback</a> </li> </ul> </li> <li>Copy your Client ID and Client Secret.</li> </ol> <h3> Configure Frontend Application to work with GCP 💻 </h3> <ol> <li>Create your app: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm create vue@latest </code></pre> </div> <ol> <li>Add a login button: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"google-oauth"</span><span class="nt">&gt;</span> <span class="nt">&lt;button</span> <span class="err">@</span><span class="na">click=</span><span class="s">"loginWithGoogle"</span> <span class="na">class=</span><span class="s">"btn-primary"</span><span class="nt">&gt;</span> <span class="nt">&lt;i</span> <span class="na">class=</span><span class="s">"fab fa-google"</span><span class="nt">&gt;&lt;/i&gt;</span>Sign in With Google <span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <ol> <li>Implement the button logic: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">loginWithGoogle</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="nx">authService</span><span class="p">.</span><span class="nf">redirectToGoogle</span><span class="p">();</span> <span class="p">};</span> </code></pre> </div> <ol> <li>.env configuration: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">VITE_GOOGLE_CLIENT_ID</span><span class="o">=</span>&lt;google_client_id&gt; <span class="nv">VITE_GOOGLE_CLIENT_SECRET</span><span class="o">=</span>&lt;google_client_secret&gt; <span class="nv">VITE_GOOGLE_REDIRECT_URI</span><span class="o">=</span>&lt;your redirect uri&gt; <span class="nv">VITE_BACKEND_URL</span><span class="o">=</span>&lt;backend_url&gt; </code></pre> </div> <ol> <li>Use these variables to create the link to initiate the authentication to Google: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">backend_url</span><span class="p">:</span> <span class="nx">string</span><span class="p">;</span> <span class="nl">google_client_id</span><span class="p">:</span> <span class="nx">string</span><span class="p">;</span> <span class="nl">google_client_secret</span><span class="p">:</span> <span class="nx">string</span><span class="p">;</span> <span class="nl">google_redirect_uri</span><span class="p">:</span> <span class="nx">string</span><span class="p">;</span> <span class="nf">constructor</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">backend_url</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_BACKEND_URL</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">google_client_id</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_GOOGLE_CLIENT_ID</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">google_client_secret</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_GOOGLE_CLIENT_SECRET</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">google_redirect_uri</span> <span class="o">=</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_GOOGLE_REDIRECT_URI</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">redirectToGoogle</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">scope</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">openid email profile</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">responseType</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">code</span><span class="dl">"</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">googleAuthUrl</span> <span class="o">=</span> <span class="s2">`https://accounts.google.com/o/oauth2/v2/auth?client_id=</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">google_client_id</span><span class="p">}</span><span class="s2">&amp;redirect_uri=</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">google_redirect_uri</span><span class="p">}</span><span class="s2">&amp;response_type=</span><span class="p">${</span><span class="nx">responseType</span><span class="p">}</span><span class="s2">&amp;scope=</span><span class="p">${</span><span class="nx">scope</span><span class="p">}</span><span class="s2">&amp;prompt=consent&amp;access_type=offline`</span><span class="p">;</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="nx">googleAuthUrl</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Google OAuth Redirect Error:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>We wish to access your google credentials after authentication, in this case, your email and your name.</p> <h3> Explanation of the Redirect URL Parameters: </h3> <ul> <li>scope=openid email profile: Requests access to the user's basic profile info, including: <ul> <li> <strong>openid</strong>: Needed to obtain an ID token.</li> <li> <strong>email</strong>: Access to the user's email address.</li> <li> <strong>profile</strong>: Access to basic profile information like name and picture.</li> </ul> </li> <li> <strong>response_type=code:</strong> You're requesting an authorization code (which you'll exchange for tokens on the backend).</li> <li> <strong>prompt=consent:</strong> Always show the Google consent screen. This ensures you get a refresh token even if the user has already previously consented.</li> <li> <strong>access_type=offline</strong>: Asks Google for a refresh token, allowing your backend to request new access tokens without the user needing to log in again.</li> </ul> <p>The <a href="https://developers.google.com/identity/openid-connect/openid-connect#scope-param" rel="noopener noreferrer">OpenID Connect</a> documentation has more attributes that can be tweaked in the link.</p> <ol> <li>Specifying routes You ought to specify the routes in the routes folder like so: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="p">{</span> <span class="nl">path</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/auth/callback</span><span class="dl">"</span><span class="p">,</span> <span class="nx">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">auth-callback</span><span class="dl">'</span><span class="p">,</span> <span class="nx">component</span><span class="p">:</span> <span class="nx">AuthCallback</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>When a user is authenticated in google, the <code>auth-callback</code> route will be used by google to return an access token to the frontend application. <br> Our goal is to issue the user with a JWT token from our own backend server, so we have to send this google access token to the backend like so:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">onMounted</span><span class="p">(</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">code</span> <span class="o">=</span> <span class="nx">route</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">code</span><span class="p">;</span> <span class="c1">// Get code from URL</span> <span class="k">if </span><span class="p">(</span><span class="nx">code</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Send code to backend for token exchange</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">backendUrl</span><span class="p">}</span><span class="s2">/auth/google`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">code</span> <span class="p">});</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">jwt</span><span class="dl">"</span><span class="p">,</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">jwt</span><span class="p">);</span> <span class="c1">// Store backend JWT</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">access_token</span><span class="dl">"</span><span class="p">,</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">"</span><span class="s2">/profile</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Authentication failed</span><span class="dl">"</span><span class="p">,</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">"</span><span class="s2">/sign-up</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;template&gt;</span> <span class="nt">&lt;div&gt;</span>Processing authentication...<span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/template&gt;</span> </code></pre> </div> <h2> Configure Backend application 💾 </h2> <p>When the frontend sends the code to your backend, your backend needs to:</p> <ul> <li>Exchange the code for tokens</li> <li>Verify the Google ID token</li> <li>Generate and return a JWT</li> </ul> <p>We aim to make the backend know that the user has been authenticated by the frontend, but how do we authenticate this user to access resources from the backend?🎇</p> <p>We start here:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">backendUrl</span><span class="p">}</span><span class="s2">/auth/google`</span><span class="p">,</span> <span class="p">{</span> <span class="nx">code</span> <span class="p">});</span> </code></pre> </div> <p>The URI being called links to this method in the backend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">async</span> <span class="nf">getGoogleRefreshToken</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">code</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">OAuth2Client</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">googleClientId</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">authMiddleware</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">AuthenticationMiddleware</span><span class="p">();</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">googleTokenUrl</span><span class="p">,</span> <span class="p">{</span> <span class="na">client_id</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_CLIENT_ID</span><span class="p">,</span> <span class="na">client_secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_CLIENT_SECRET</span><span class="p">,</span> <span class="na">redirect_uri</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_REDIRECT_URI</span><span class="p">,</span> <span class="na">grant_type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">authorization_code</span><span class="dl">"</span><span class="p">,</span> <span class="nx">code</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/x-www-form-urlencoded</span><span class="dl">"</span> <span class="p">}});</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">id_token</span><span class="p">,</span> <span class="nx">access_token</span><span class="p">,</span> <span class="nx">refresh_token</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">ticket</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">verifyIdToken</span><span class="p">({</span> <span class="na">idToken</span><span class="p">:</span> <span class="nx">id_token</span><span class="p">,</span> <span class="na">audience</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">googleClientId</span><span class="p">});</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nx">ticket</span><span class="p">.</span><span class="nf">getPayload</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">payload</span><span class="p">.</span><span class="nx">sub</span> <span class="o">==</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">409</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="nx">payload</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">this</span><span class="p">.</span><span class="nx">refreshTokens</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">payload</span><span class="p">.</span><span class="nx">sub</span><span class="p">,</span> <span class="nx">refresh_token</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">jwtToken</span> <span class="o">=</span> <span class="nx">authMiddleware</span><span class="p">.</span><span class="nf">generateJwt</span><span class="p">({</span><span class="na">userId</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">sub</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">email</span><span class="p">},</span> <span class="nx">res</span><span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">jwt</span><span class="p">:</span> <span class="nx">jwtToken</span><span class="p">,</span> <span class="nx">access_token</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch</span><span class="p">(</span><span class="nx">error</span><span class="p">){</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span><span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Invalid authorization code</span><span class="dl">"</span><span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>What it does:</strong></p> <ul> <li>Uses the authorization code to get id_token, access_token, and refresh_token from Google.</li> <li>Verifies the id_token with Google.</li> <li>Extracts user info and generates a signed JWT.</li> <li>Sends the JWT and access token to the frontend. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">googleTokenUrl</span><span class="p">,</span> <span class="p">{</span> <span class="na">client_id</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_CLIENT_ID</span><span class="p">,</span> <span class="na">client_secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_CLIENT_SECRET</span><span class="p">,</span> <span class="na">redirect_uri</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_REDIRECT_URI</span><span class="p">,</span> <span class="na">grant_type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">authorization_code</span><span class="dl">"</span><span class="p">,</span> <span class="nx">code</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/x-www-form-urlencoded</span><span class="dl">"</span> <span class="p">}});</span> </code></pre> </div> <p>The section makes a request to Google's token endpoint to exchange the <em><strong>code</strong></em> for tokens:</p> <ul> <li>access_token: Used to access Google APIs on behalf of the user. id_token: JWT containing user info from Google.</li> <li>refresh_token: Used to get a new access token without user login (if offline access requested). <em>we had specified it in the frontend request</em> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">ticket</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">verifyIdToken</span><span class="p">({</span> <span class="na">idToken</span><span class="p">:</span> <span class="nx">id_token</span><span class="p">,</span> <span class="na">audience</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">googleClientId</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nx">ticket</span><span class="p">.</span><span class="nf">getPayload</span><span class="p">();</span> </code></pre> </div> <p>This ensures the token is really issued by Google, and extracts user info.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">jwtToken</span> <span class="o">=</span> <span class="nx">authMiddleware</span><span class="p">.</span><span class="nf">generateJwt</span><span class="p">({</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">sub</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">email</span> <span class="p">},</span> <span class="nx">res</span><span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">jwt</span><span class="p">:</span> <span class="nx">jwtToken</span><span class="p">,</span> <span class="nx">access_token</span> <span class="p">});</span> </code></pre> </div> <p>Generates your own JWT token (signed using your secret) so the frontend can use it for API calls and returns the JWT and Google access token back to the frontend.</p> <blockquote> <p>The frontend will use that JWT to authenticate a request to the backend.</p> </blockquote> <h2> Connecting everything 🤝 </h2> <p>Let's test!<br> Run your frontend and backend.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6qftyo7lsk8r2ldy3row.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6qftyo7lsk8r2ldy3row.png" alt="Image description" width="260" height="58"></a><br> Choose the google account to use. You'll see the application name in the google page.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmr2zx0v1weojuhdjt1z5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmr2zx0v1weojuhdjt1z5.png" alt="Image description" width="496" height="625"></a><br> You'll view your email address as I had specified in this page:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="o">&lt;</span><span class="nx">script</span> <span class="nx">setup</span><span class="o">&gt;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">fetchProfile</span><span class="p">()</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">jwt</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">http://localhost:3000/api/v1/profile</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">profile</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">error</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Unauthorized. Please sign in again.</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">onMounted</span><span class="p">(</span><span class="nx">fetchProfile</span><span class="p">);</span> <span class="o">&lt;</span><span class="sr">/script</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">template</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h2</span><span class="o">&gt;</span><span class="nx">Profile</span><span class="o">&lt;</span><span class="sr">/h2</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">p</span> <span class="nx">v</span><span class="o">-</span><span class="k">if</span><span class="o">=</span><span class="dl">"</span><span class="s2">error</span><span class="dl">"</span><span class="o">&gt;</span><span class="p">{{</span> <span class="nx">error</span> <span class="p">}}</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">v</span><span class="o">-</span><span class="k">if</span><span class="o">=</span><span class="dl">"</span><span class="s2">profile</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">p</span><span class="o">&gt;</span><span class="nx">Email</span><span class="p">:</span> <span class="p">{{</span> <span class="nx">profile</span><span class="p">.</span><span class="nx">email</span> <span class="p">}}</span><span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span><span class="o">&lt;</span><span class="sr">/template</span><span class="err">&gt; </span></code></pre> </div> <h1> Conclusion🎉 </h1> <p>I hope this article was helpful. Incase of any need for reference, kindly go to this <a href="https://github.com/dgikonyo/oauth2_sample" rel="noopener noreferrer">github link</a> for more information. I couldn't have summarised everything here.</p> <p>Don't forget to provide some feedback!</p> <p>Happy coding!</p> <h1> References </h1> <ul> <li><p><a href="https://auth0.com/intro-to-iam/what-is-oauth-2" rel="noopener noreferrer">What is OAuth 2.0?</a></p></li> <li><p><a href="https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2" rel="noopener noreferrer">An Introduction to OAuth 2</a></p></li> <li><p><a href="https://developers.google.com/identity/protocols/oauth2" rel="noopener noreferrer">Using OAuth 2.0 to Access Google APIs</a></p></li> </ul> node frontend api