DEV Community

Beginner’s guide to OAuth: Understanding access tokens and authorization codes using Google API

Risa Fujii on August 16, 2019

As a user, it’s easy and convenient to use your Google account (or Facebook, Twitter, etc.) to sign into other services. You click the "Sign in w...
 
Dennis Ploeger

Thanks a lot. That was very informative. Could you perhaps speak of other OAuth flows that exist in an advanced post? The flow you described is suitable for frontend requests, but what about backend requests? I saw that the specification allows that, too, with a different type of flow.

Risa Fujii

Sounds like a great article idea. I only cover topics I feel comfortable writing about, but I’ll look into it if I have a chance :)

Dennis Ploeger

Awesome! Thanks!

Carlos Trapet

I was going to suggest the same thing!

Clavin June

Ah yes, this is what I need! Can't wait for it lol

Rocky Kev

Ha - what a coincidence! I'm currently working through understanding OAuth right now, through JavaScript. This has been helpful, especially since I couldn't figure out the refresh tokens bit and how that component works. Thank you!

Sidney Yin

Did you figure it out with JavaScript yet? I am trying to do the same, but there are things I certainly don't quite understand yet. If you have time, would you see if you can answer my question?

I am trying to use Passport JS Google OAuth 2 for authentication. I understand that when using Passport and upon successful login in Google (or Facebook/Twitter), it sends you back a token, user profile, etc. which contains the email address of the user among other things. Now, my database is set up so that each user has a unique email address. What if the user decides to register for an account in my database with an email address, but decides to use Google to log in (this person has multiple email addresses)? Won’t the email address retrieved by logging into Google not match the other email address which is in my database? How do you handle that?

Rocky Kev

I haven't got into that use case. I wish I could go technical for you. Sorry.

From a consumer side: I know Patreon and some SaaS products I use... offer account creation and then Google OAuth. So yes, you can create an account with email, and log in with OAuth. If you register with OAuth, they make me create an account anyways with email.

The unique key will always be the email, and a separate data field is used to store the Google OAuth secret. So email/OAuth data are completely separate.

Within the login form, it just needs a successful handshake from email or OAuth to provide access.

It's not something I've done, and I'm only speaking from how I see it working in other situations. Best of luck!
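The account-linking question raised in this thread, as an added example that is not part of any commenter's post or of the original article: one way to keep local accounts and Google identities in separate records, so a Google email that differs from the registered one still resolves to the same user. The in-memory store, the function names and the profile shape (OpenID Connect claims `sub`, `email`, `email_verified`) are assumptions for illustration.

```javascript
// Added example: in-memory stand-ins for a users table and an identities table.
// createStore, addUser, findUserByEmail and resolveLogin are hypothetical names.
function createStore() {
  return { users: new Map(), identities: new Map(), nextId: 1 };
}

function addUser(store, email) {
  const user = { id: store.nextId++, email: email.toLowerCase() };
  store.users.set(user.id, user);
  return user;
}

function findUserByEmail(store, email) {
  const wanted = email.toLowerCase();
  for (const u of store.users.values()) if (u.email === wanted) return u;
  return null;
}

// profile: { sub, email, email_verified } (OpenID Connect claims, constructed here).
// sessionUser: the local account already signed in on this site, or null.
function resolveLogin(store, profile, sessionUser = null) {
  const key = `google:${profile.sub}`;
  // 1. A previously linked identity wins, whatever email Google reports now.
  const linkedId = store.identities.get(key);
  if (linkedId !== undefined) {
    return { action: 'login', user: store.users.get(linkedId) };
  }
  // 2. A signed-in user is connecting Google: link it, emails may differ.
  if (sessionUser) {
    store.identities.set(key, sessionUser.id);
    return { action: 'linked', user: sessionUser };
  }
  // 3. An unverified email is not proof of ownership of that address.
  if (!profile.email_verified) return { action: 'reject', user: null };
  // 4. Email collides with an existing local account: do not merge silently.
  //    The user must sign in to that account first, then link (step 2).
  const existing = findUserByEmail(store, profile.email);
  if (existing) return { action: 'confirm_existing', user: null };
  // 5. First visit with this Google identity: create the account and link it.
  const user = addUser(store, profile.email);
  store.identities.set(key, user.id);
  return { action: 'created', user };
}
```

Keying the link on the provider's subject identifier rather than on the email is what lets step 1 succeed even when the two addresses never match.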

Martin Belev

You were able to simplify the example so much and it is very easy to follow. This can help not only for Google OAuth but as a whole because this is the flow with other libraries as well - or at least LinkedIn, Microsoft Active Directory.

Z4Knight • Edited

Simple and clear post, thanks

Guillaume Montard

Very nice introduction article, Risa!
Most developers are not comfortable with OAuth; it's tricky, complex and yet very powerful. I'm sure this will help.

Bruno Crisafulli

Very helpful and just at the right time for me.
Well written, thanks a lot!

Risa Fujii

Happy to hear it helped! :)

Thomas Tacke

Yes, indeed a really good article about OAuth. I have read some articles over the past few days about the topic and this one is really easy to understand and well written.

Finnian Anderson

Really good post, cheers 😁

Beth Callam

You broke that down really well -- love the flow of the overview and the code snippets are great. Thank you!

silvernightpetter

That was more than useful, thanks!

Risa Fujii

I really appreciate comments like this - thanks!