Trying to use Google Oauth2 with Passportjs in Graphql-Yoga Server
I thought I followed all of the docs correctly to implement this, however, I am getting a TokenError: Bad Request that has the error message invalid_grant.

My server is super simple:

require('dotenv').config();
import createServer from './createServer';
const passport = require('passport');
const GoogleStrategy = require('passport-google-oauth20').Strategy;

const server = createServer();

passport.use(
  new GoogleStrategy(
    {
      clientID: process.env.GOOGLE_CLIENT_ID,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
      callbackURL: 'http://localhost:4000/auth/callback',
    },
    // Verify callback: runs after the authorization code has been exchanged
    (accessToken, refreshToken, profile, cb) => {
      console.log(accessToken);
      console.log(refreshToken);
      console.log(profile);
      cb(null, profile);
    },
  ),
);

// Starts the Google OAuth flow
server.express.use(
  '/auth',
  passport.authenticate('google', {
    scope: ['email', 'profile'],
    session: false,
  }),
);

// Google redirects back here with the authorization code
server.express.use(
  '/auth/callback',
  passport.authenticate('google', {
    successRedirect: 'http://localhost:3000/authenticate',
    failureRedirect: 'http://localhost:3000/authenticate',
  }),
);

server.start(
  {
    cors: {
      credentials: true,
      origin: 'http://localhost:3000',
    },
  },
  () => console.log('Server is running on http://localhost:4000'),
);

Is this a problem with the way that I have set up Google in the cloud platform? I can't figure out where I went wrong. My callback is correctly set up. I'm not sure where else to look for a mistake.

Another thing that is confusing is that the GoogleStrategy is console logging the user profile and the access token that is returned. I am guessing that the error comes when the callback route tries to verify the code from the URL. Can anyone point me in a direction to look to better troubleshoot this? Thanks in advance.

I found a solution that works for me, but I am still unclear if it is "best-practice" or not. I would love someone with more GraphQL experience to chime in.

I followed the directions in the docs to authenticate in the front-end: https://developers.google.com/identity/sign-in/web/backend-auth

Then I wrote a query called isAuthenticated on the back-end that I can use to verify the token.

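const { OAuth2Client } = require('google-auth-library');
const client = new OAuth2Client(process.env.GOOGLE_CLIENT_ID);

// Query resolver: verifies the Google ID token sent by the front-end
async isAuthenticated(_: any, { token }) {
  if (!token) {
    return null;
  }
  // Throws if the token fails verification or was issued for another client ID
  const ticket = await client.verifyIdToken({
    idToken: token,
    audience: process.env.GOOGLE_CLIENT_ID,
  });
  // The verified claims (sub, email, ...) come from the ticket
  const payload = ticket.getPayload();
  return payload;
},
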
I use a React component to check the token in localStorage before rendering any protected routes. This is working for me.
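
What the resolver above relies on `verifyIdToken` and its `audience` option to do, shown as an added example that is not part of the original answer and not Google's library code: a local model of the checks, run against constructed tokens. The RSA keys, client IDs and the helper names `signToken`, `verifyIdTokenLocal` and `reason` are assumptions made for illustration; nothing here contacts Google.

```javascript
// Added example: local model of the checks an ID-token verifier performs.
// Keys, client IDs and tokens are constructed; real tokens are signed by Google.
const crypto = require('crypto');

const ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Hypothetical test helper: sign an ID-token-shaped JWT with a local key.
function signToken(claims, privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64(header)}.${b64(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Returns the claims if every check passes, otherwise throws.
function verifyIdTokenLocal(token, publicKey, audience, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token must not choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (!ISSUERS.includes(claims.iss)) throw new Error('wrong issuer');
  // Audience check: a token minted for another app must not log in here.
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Runs fn and returns the rejection reason, or 'accepted'.
function reason(fn) {
  try { fn(); return 'accepted'; } catch (e) { return e.message; }
}

// Constructed fixtures.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const AUD = 'my-app.apps.example';
const now = 1700000000;
const base = { iss: 'https://accounts.google.com', aud: AUD, sub: '1234567890', exp: now + 3600 };
const check = (token) => reason(() => verifyIdTokenLocal(token, publicKey, AUD, now));

const results = {
  valid: check(signToken(base, privateKey)),
  otherApp: check(signToken({ ...base, aud: 'other-app.apps.example' }, privateKey)),
  expired: check(signToken({ ...base, exp: now - 1 }, privateKey)),
  forged: check(signToken(base, other.privateKey)),
  algNone: check(signToken(base, privateKey, { alg: 'none' })),
};
console.log(results);
```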