堆栈内存溢出
  简体   繁体   English

如何将Google oAuth与Node.js后端和Angular前端一起使用?

[英]How to use Google oAuth with Node.js backend and Angular frontend?

 原文  2018-11-05 16:50:00       node.js/ angular/ google-oauth

问题描述

I am using Node.js on backend and creates a token for a user each time logins. 我在后端使用Node.js,并在每次登录时为用户创建令牌。 angularx-social-login package makes it very easy to integrate Google OAuth with Angular but how to use it with API? angularx-social-login软件包可以非常轻松地将Google OAuth与Angular集成在一起,但是如何将其与API结合使用? After successful login the Google returns user information with token. 成功登录后,Google会返回带有令牌的用户信息。 I was thinking to send this information to backend and login the user but for that I need to create a route which accepts email address and logins user. 我当时正在考虑将此信息发送给后端并登录用户,但是为此,我需要创建一个接受电子邮件地址并登录用户的路由。 And this will return JWT token which is not secure. 这将返回不安全的JWT令牌。 By secure I mean, anyone can access the route without Google Authentication and generate token. 所谓安全,是指任何人都可以在没有Google身份验证的情况下访问该路由并生成令牌。

I am looking for ideas how developers achieved this. 我正在寻找开发人员如何实现这一目标的想法。

1 个解决方案

解决方案1
 0 已采纳  2018-11-06 13:23:18

I found google-auth-library client package for Node.js managed by Google. 我找到了由Google管理的Node.js的google-auth-library客户端程序包。

Here is the follow: 以下是:

  1. Login user with Angular 用Angular登录的用户
  2. Send the idToken to backend 将idToken发送到后端
  3. Validate token and response to Angular 验证令牌并响应Angular

Node.js: Node.js的: 

exports.googleLogin = function(req, res, next) {
  //verify the token using google client
  return googleClient
    .verifyIdToken({
      idToken: req.body.token,
      audience: config.google.clientID
    })
    .then(login => {
      //if verification is ok, google returns a jwt
      var payload = login.getPayload();
      var userid = payload['sub'];

      //check if the jwt is issued for our client
      var audience = payload.aud;
      if (audience !== config.google.clientID) {
        throw new Error(
          'error while authenticating google user: audience mismatch: wanted [' +
            config.google.clientID +
            '] but was [' +
            audience +
            ']'
        );
      }
      //promise the creation of a user
      return {
        name: payload['name'], //profile name
        pic: payload['picture'], //profile pic
        id: payload['sub'], //google id
        email_verified: payload['email_verified'],
        email: payload['email']
      };
    })
    .then(user => {
      return res.status(200).json(user);
    })
    .catch(err => {
      //throw an error if something gos wrong
      throw new Error(
        'error while authenticating google user: ' + JSON.stringify(err)
      );
    });
};

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在没有前端的情况下使用 Postman 在 Node.js Express 后端服务器上测试 Passport JS Google OAuth - How to test Passport JS Google OAuth on Node.js Express backend server without a frontend using Postman 可以将Angular 2 Dart前端与Node.js后端一起使用吗? - Is it possible to use an Angular 2 Dart frontend with a Node.js backend? 如何在 node.js 后端使用 usestate 并响应前端 - how to use usestate with node.js backend and react frontend 使用 Angular 生产后端 Node.js & Express 和前端 - Production of Backend Node.js & Express and Frontend with Angular 从Node.js后端将数据调用到Angular前端 - Call data to Angular FrontEnd from Node.js BackEnd 用于后端和前端的 Angular 2 + Node JS - Angular 2 + Node JS for backend and frontend 如何在 node.js backEnd 和 angular 2 frontEnd 中使用 jwt 实现社交登录 - how to implement social logins using jwt in node.js backEnd and angular 2 frontEnd 如何从后端验证前端的管理员? (Node.js、Angular、Mongodb) - How can I verify admin in frontend from backend? (Node.js, Angular, Mongodb) 如何从后端获取角度数据并通过node.js发送给前端? - How get data with angular from the backend and send it with node.js for the frontend? 如何在 javascript 前端使用 async await 从 async await node.js 后端接收数据 - how to use async await on javascript frontend to receive data from async await node.js backend
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM