使用Node.js和Google＆Javascript进行OAuth 2登录

Question

This is a follow-up from my earlier question here; invalid_request from getToken in Javascript from Node.js

The application first redirects to google;

app.get('/GoogleLogin.html',function(req,res) {
var scopes = "";

// retrieve google scopes
scopes += config.google_login.scopes.baseFeeds + " "
scopes += config.google_login.scopes.calendar + " "
scopes += config.google_login.scopes.drive + " "
scopes += config.google_login.scopes.driveMetadata + " "
scopes += config.google_login.scopes.profile + " "
scopes += config.google_login.scopes.email + " "
scopes += config.google_login.scopes.tasks

var url = oauth2Client.generateAuthUrl({
    access_type: 'offline',
    scope: scopes
});

res.writeHead(302, {location: url});
res.end();


});

it redirects to google to get the code, then when it returns back, it calls oauth2Client.getToken in order to convert that code to tokens.

app.get('/AuthorizeGoogle.html',function(req,res) {
var queryData   = url.parse(req.url,true).query;
var code        = queryData.code;
var access_token = "";

oauth2Client.getToken(code,function(err,tokens) {
    if (err == null) {
        oauth2Client.setCredentials(tokens);        
        access_token = tokens.access_token;
        googleapis
            .discover('plus','v1')
            .withAuthClient(oauth2Client)
            .execute(function(err, client) {        
                if (err) {
                    console.log('An error occured');
                } 
                else {                      
                    getUserProfile(client, oauth2Client, 'me', function(err, profile) {
                        if (err) {
                            console.log('An error occured retrieving the profile');                                 
                        }
                        else {

                        }
                    });
                }

            });
    } 
    else {
        console.log("There seems to be a problem; " + err);
    }


    res.send("Authorized!");
});

That is OK as far as it goes. However when I next login, using the same google account I get a different code and token. Although the original login and authorisation returns both a token and refresh token - subsequent attempts do not have the refresh token.

As they are different there is no way of telling if the user has already logged in and we have already been authorised.

When I did the same thing in C# - I could use the token to search the database and so link it with user.

So how can I use Google to login and find the user without in effect refreshing the token - since later I will be using the access token to get other parts of the users Google account such as Documents, Emails, Tasks etc.

Thanks in advance

Answer 1

OK Kind of managed it.

Basically instead of using OAuth 2 for both logging on and authorization - I am using OpenId for the login and OAuth2 for the authorization.

OpenId functionality is provided by both passport and passport-google.

var passport        = require('passport');
var GoogleStrategy  = require('passport-google').Strategy;

app.use(passport.initialize());
app.use(passport.session()); 

You need to initialise passport

passport.use(new GoogleStrategy({
    returnURL: 'http://localhost:81/AuthenticateGoogleLogin.html',
    realm: 'http://localhost:81/',
    clientID: config.google_login.client_id,
    clientSecret: config.google_login.client_secret,
},
function(identifier, profile, done) {
    return done(null,profile);
}));

You then get Google to log the user in

app.get('/GoogleLogin.html',passport.authenticate('google', { failureRedirect: '/login' }),
    function(req, res) {
        res.redirect('/');  
});

When Google Returns, using the strategy created earlier

app.get('/AuthenticateGoogleLogin.html', 
  passport.authenticate('google', { failureRedirect: '/Problem.html' }),
  function(req, res) {

});

That handles the login and the authorization to access the users account is exactly as in my original question.