Skip to content

Instantly share code, notes, and snippets.

@arturohernandez10

arturohernandez10/OAuthSetup.md

Created August 4, 2022 17:02
Show Gist options
  • Save arturohernandez10/1f35b8367b5dbfb6d87fc5b63e257d49 to your computer and use it in GitHub Desktop.
Save arturohernandez10/1f35b8367b5dbfb6d87fc5b63e257d49 to your computer and use it in GitHub Desktop.
Download ZIP
Oauth setup for google
Raw
OAuthSetup.md

Setup of local enviroment authentication

Config of oAuth workflow

In OAuth authentication an application redirects the user to an external site, which offers the user a login screen. When it's done it will redirect back to a specific callback url indicated in the original redirect to google in this case. The application then makes a direct http call to google to exchange the information passed in the callback for an access_token. The access token is used to verify every API request to the backend API. The current implementation is a hybrid flow which means both the client app and the api are part of the authentication flow.

For configuration the application requires:

Setting Description
FF_GOOGLE_CALLBACK_URL The url second redirect url, passed to google during the first redirect
FF_GOOGLE_CLIENT_ID Unique id identifing the API
FF_GOOGLE_SECRET Password to authenticate backend calls to google

An API account needs to be setup with google to obtain the FF_GOOGLE_CLIENT_ID and FF_GOOGLE_SECRET. For security the callback requested is checked against a whitelist that needs to be given to google. For development FF_GOOGLE_CALLBACK_URL is configured as http:\\localhost:3000\callback. We suggest to configure a test only url to be http:\\localhost:8000\auth\google\callback so that the backend authentication can be tested without the front end.

Steps to create an account with google

1 Sign up with a google account 2 Go to https://console.cloud.google.com and select the API menu 3 press select a project at the top of the page and create a new project. 4 Go to the credentials screen menu option and press create credentials. 5 Select Select OAuth client ID, and Pick Web application. 6 Fill in an name and type http://localhost:8000 and http://localhost:3000 for the javascript origin. 7 Fill in http://localhost:8000/auth/google/callback and http://localhost:3000/callback for the redirect URI. 8 Hit save the id and secret will show up at that point

Here is a longer guide with pictures.

Configuration in files or OS

As an alternative to environment variables for FF_GOOGLE_CALLBACK_URL and FF_GOOGLE_CLIENT_ID. The values can be kept in config\development.ts and config\production.ts. But in particular config\development.ts would need to be removed from source control. The contents would be maintained in a separate file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment