Just remarkable way of explaining OAuth 2.0; that diagram has solved all my 'how it works' doubts, and also didn't know that some services do not verify e-mail addresses... 👌

This was great, just what I wanted to see, raw implementation, to really understand the work flow Thank you, sir!😇

looks good but one feedback is to not have music in the bg its pretty distracting

Wow, dude, it's incredibly beneficial in enhancing my comprehension of the process.

Does anybody know where to find these URLs? I can't seem to find them on Google or the documentations

A quick advice… when teaching some modules… please try to do it in a single code… dont jump around… it is easier for the learner to understand

Beautifully explained, thank you Tom!

Finally found what I was looking for 🙌

Finally ! you are really good thank you Excellent explanation

If anyone is facing the error - An error occured while saving your app - According to Google's new policy you cannot include the keyword Google in your app name so try removing that

Very fine work man. Keep it up ;)

Hi, can I ask how a user information is stored & retrieved from the database using oauth2.0? Thank you

Amazing content Tom! Thanks!

Thank you so much! This was helpful

Very thanks but have a problem with token it set in localhost but not in production have express in backend and nextjs in frontend both hosted on vercel with custom domain i put res.cookie httponly:false secure true but token is not set i need help pls😢

Great tutorial! I really like the fact we built most of the implementation from scratch. There's one part that I am really confused about right now and cannot seem to find the answer to elsewhere. Once I have created the custom user document on my backend as well as the access/refresh tokens, how do I then send this data to my frontend and put it in my Redux store? An answer to this would be a massive help to me right now. Thank you.

But, if you have the redirect url to your client, wouldn't the client then have to intervene in the oauth flow? Timecode 9:50

Just what I needed. Thanks.

Amazing tutorial, it's been immensely helpful to me. One clarification: In the final 8 minutes, from "Create session" onward, you're just manually creating a JWT based off the user's information *pulled from the database* right? My big question is, are you using anything retrieved from Google's API in this manual JWT process, or are you just grabbing user info you have stored in Mongo, making a JWT, and sending it forward as cookies? Basically, the id_token and auth_token from Google are ONLY to access Google information, and have nothing to do with the session state *of your actual application*, right? Again, thanks for an incredible tutorial!

Hey Tom, amazing video thank you! I am implementing OAuth in an API with Fastify, but there are two things I’m still confused on. Firstly, do we need to check with google at some point that the users OAuth credentials are still valid? For example if they revoke access through their google account? Because with this setup they would still remain logged in with the app as after login authorisation is done with our JWTs not Google’s. Do you also have to revoke the user’s google OAuth tokens if they delete their account? I can’t seem to find a consensus on if this is necessary Thank you again! 😊

Thanks, you are very helpful

First off, great video, watched it from start to finish but why stress? why not just use passport?

Hello, when I install a node.js application, I write "init" to an empty file and install it and create app.js myself. Is there an easier way or a ready way to do this??

How can i use jwt instead of cookie, and send jwt and redirect to /home route??

Great tutorial!

whoo i finally got the right video ❤

hey with localhost I am getting invalid request error (google says on localhost i can't use auth2.0 anymore) . what should i do ?

extremely benificial man

Thanks. It was awesome!

Is it possible to perform this: I would like to have calendars available for reservations. A 3rd person will receive a card in the front end with an available grid to pick to reserve time. But this person won't do a consent or anything, will just select a time. Then at the backend it will hit Google Calendar API of the resource(aka: random professional sharing services) to get a turn/booking reservation. The availability will be restricted in the frontend, and also will be consulted the time slots available between that gap defined. The doubt i have is that somehow or at least once a week the resource must give consent, how would you do it? Will it have to be done manually? Or can the backend do it on behalf of the resource?

That means from frontend will have a getUser function, base on accessToken and refresh token

can i build facebook login the same way? amy major difference in consent screen url construction?

Congrats for 2k subscribers. Do you plan a discord channel for your subscribers maybe?

useful tutorial!

Nice, but too be an small repo, tracking the call between modules is a little complex.

Thanks for the useful video! I have a question, does this code is the authorization code from initCodeClient() ?

Would storing the sessions in Redis instead of a database be a better approach? Or is that something you should only worry about when your app is scaling, on a needs basis. I take it storing the sessions in a database would be fine for little side projects?

Quick question, don't you have problems upserting the user because the password field is required?

Thank you

Amazing video code!

Hey! I saw that you answered on this question a couple of times but something I can't figure out is the following. You said that instead of setting cookies we could return the access and refresh token in the a JSON body. But the implementation shown in this tutorial is using a redirect from Google to the back-end via a GET request which means we can't send JSON data back to the React application. The only idea I had was that after a successful login on google we redirect the user back to the react app and than check if the URL contains a "code" query parameter and than do the request to the back-end, but that seems like a unnecessary step. Do you have an suggestion on how to approach this problem?

I get redirect mismatch every now and then. I just edit the client and it works . After 30 minutes. It fails again

thank you!!!

great thanks 👌

Where to find the rest api endpoints for oauth2.0 ? Is there any postman collection?

when I use the axios post it returns: {error: 'invalid_grant', error_description: 'Bad Request' } AxiosError: Request failed with status code 400. Still stucking here and can not have the access_token like your video

Awesome Tutorial as always +++++++++++++++++ Thank you 🙂

what is the point of storing user data on database after oauth? does that mean users will be able to login using google oauth credentials? if so where is the password being stored?

Great tutorial! I would like to ask, what if a new user wants to login? Instead of findAndUpdate I have to create a new user right?

Hi tom nice tutorial, can you please share the docs how to implement this google Oauth from google page?

Can we surpass the consent screen? I do not want to show that in my application. I want to work internally.

Hi where is the video to create session and cookies

how to impliment in react native?

Is this in continuation with first video of playlist or a separate video?

I am good at react but I can't make good looking Ui components, TBH I am not confident at my css skills. Any suggestions on how to improve myself in css?

What about sign up with google?😢

Hey! This tutorial helped a lot and made the Google OAuth flow extremely clear! I had a question, instead of setting cookies and redirecting the user at the end, is there any way that we send the jwt access token so that we can set it in local storage in the client side?

why did you stop making video sir ?? We want your comeback

Isn't this method vulnerable to csrf attacks? You should be using a csrf token in the oauth state.

i like your terminal

Bro, this tutorial was awesome!! Great for people that wanted to learn things the "hard" way and yet, you made it quite easy to execute. Also google oAuth is quite well documented. I'm using this for the KZbin api scopes and it worked simply by replacing scopes

hi Tom, thank you for the tutorial. How can I integrate the UI with Angular

How bout those of us that aren't using NextJS???

I wanted to do Google sign without passport, but you have cloned the git repo which you have done in previous video. In the pre video, you cloned something you made before that, so to start this video I have to understand what you did in other videos and repos first which is unfavorable. Please start from scratch in new videos or at least explain what is in the cloned repo already.

the missing video

Great Content, but most practical cases api and frontend domain are not same so cookies cannot be set from backend

thank you