Hello there, how can i send the jwt token to the fortend to storage in the localstorage

Glad it helped!

You are very welcome! I am glad this has helped you! Thank you for the like and subscribe!

​@@ConsultingNinja❤

Glad it was helpful!

Yes, you can. Sorry if that wasn't clear. I ended up making another video to try to clarify that here kzbin.info/www/bejne/eZm4cpaMZauXrK8. I was just showing that you can also make use of that API if you needed for testing quickly. You would NOT want to do that in production.

Hello, It sounds like you are probably more comfortable working in the front-end. If that is the case, then I would suggest you implement the Google GSI method of OAuth as it is mostly done in the front end. Check out the video on this method here: kzbin.info/www/bejne/qKO2l6aue9Zjetk At the end of that video you would simply save whatever user information you want in your backend and the rest is returned to your front-end already (which you can add to if you like). Hope this helps!

@@ConsultingNinja Thank you! I watched the vid and it helps, but I have a tricky situation and was hoping you could make a recommendation: I have a user admin dashboard app (lets you look up users, see & change their info, etc) that consists of 2 parts: 1) A React SPA frontend for the UI, and 2) a simple Express server backend providing API endpoints that get and update the user data. This is sensitive info, so now we want to secure this app such that only our team members can login & use it. Furthermore, we want to give varying levels of access within the team like admin vs viewer roles. We already use Google workspace for all our logins at work (ie, we have gmail accounts that use our own domain name) and want to continue using those Google logins for this app if possible. So my questions are: What kind of auth flow should we use in this situation? Do we need to store info per user in our server? And critically: How would you recommend we handle the levels of access/roles needed? Ideally I was hoping that we could manage those levels within Google somehow (eg, create Google Groups to represent roles, assign users to those Groups, then our app looks up the user's group somehow during authorization) so that we don't have to keep a separate user DB with access info elsewhere. What do you think?

Sorry for the delay I didn't see this response. These questions I can't answer without understanding your current architecture. These would all depend on what is already implemented. If I was starting from scratch to implement what you are describing and it is already decided I need my own server I would implement my own users. I would allow OAuth, but I would only use it to sign up and sign in and behind the scenes be routing the info from Google through my server to verify. I would attach role information in my server and NOT in Google. You say "Ideally I was hoping that we could manage those levels within Google", can I ask why? Working with Google is a nightmare. The documentation sucks and is frequently outright wrong, misleading, or missing. This also would create a debugging nightmare since if any of the closed door stuff goes wrong at Google you have no idea what it might be and could potentially spend tons of time trying to figure out a bug that isn't caused by anything in your control. Even in your example this would require you to verify that you write your app with a way to verify the role in your own backend, so just skip that whole step and implement your roles in your backend to begin with. Just my two cents.

@@ConsultingNinja Thanks for the response, I appreciate it! We're hosting our apps on Azure (but our login uses Google). Looks like we can do the roles through Azure with some extra hoops to jump through, but if not then we will go the local user DB way like you said. Thanks again!

I can add that one to the list.

Hello, It sounds like you are probably more comfortable working in the front-end. If that is the case, then I would suggest you implement the Google GSI method of OAuth as it is mostly done in the front end. Check out the video on this method here: kzbin.info/www/bejne/qKO2l6aue9Zjetk At the end of that video you would simply save whatever user information you want in your backend and the rest is returned to your front-end already (which you can add to if you like). Hope this helps!

This happens when your redirect url in google console is redirecting the request to the wrong spot. Where is your route being hosted? That is where the redirect url should be pointing. Double check that in your Google developer console. And make sure it matches your actual route.

If you are hosting client and server with different domains, the cookies won't work as you can't exchange cookies cross domain. I am having the same problem.

@@ismaelpaul367 hey I got the solution. You just need to add this line to your code to make it work. app.enable("trust proxy")

Oauth2client.getAccessToken() getAccessToken(): Promise; Get a non-expired access token, after refreshing if necessary

Yes they are the same. oauth2 is just a standard authentication (who the user is) implementation. That can be used for both signing in and signing up. I think this other video will help you. Check this out. kzbin.info/www/bejne/eZm4cpaMZauXrK8 As to the last question, what I do is I take the information that comes back from the oauth2 response and create a user in my database with all (or most) of the information from payload (explanation in that video link). I add one field to my users ; which Is an application specific id (specific to MY application). Technically the never changing value (for Google) is the sub property, short for subject. That is the id in Google that never changes and is account specific. You could just use that if you want, but I like to always have two completely unique values in my applications that should never change and thus two ways to find a user. Most all of the other information is possible to be changed, including email address. Hence why Google always has users setup multiple email addresses for account recovery. But that is a story for another day. I hope that this helps! Mitch Migala (CN)

@@ConsultingNinja thanks, very helpful cheers!

Did you do successfully this task

Try the following: Go to console.developers.google.com/ Select your project. Click 'APIs & auth' Make sure your scope includes "email" and "profile" Wait 10 minutes.

@@ConsultingNinjaThank you however I fixed it in the url I added an = after the ?access_token

What does it say in the console?

Did you fix this issue bro, i got rhe same problem

My pleasure!!

i also did not get a refresh token as well

Check your email

send your github url

This is most likely because there are pretty tight restrictions to using this in "testing" mode You have to publish your app in order to use in hosted domains. Go to my website : www.consultingninja.tech/ and use the contact form to send me a message with your email. I will send some screenshots to guide you. Sorry for the delay I didn't see this.

You're welcome!

add this to the example console.log('credentials',user); const ticket = await oAuth2Client.verifyIdToken({idToken:user.id_token,audience:process.env.CLIENT_ID,}); console.log('ticket',ticket); There is extra information inside of [ticket], this will also tell you if the email has been verified. BUT remember that the email CANNOT be saved as the user! If a person has created a Google account with another email they can change the email to another one then their account will be broken in your app.

@@ConsultingNinja But this code doesnt give us an email address. How do we decode the output give the email address.

Using the above function const ticket = await oAuth2Client.verifyIdToken({idToken:user.id_token,audience:process.env.CLIENT_ID,}); console.log('ticket',ticket); That will in fact give you the email address as well as other information.

Thanks and welcome

There is a more simplified way to implement oauth in your app using Google GSI, you can see that here: kzbin.info/www/bejne/qKO2l6aue9Zjetk