index.html

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <title>My App</title>
    <script src="https://apis.google.com/js/client:platform.js?onload=startup" async defer></script>
  </head>

  <body>
    <p id="app"></p>
    <p><a href="javascript:startup()">Sign In</a></p>
    <p><a href="javascript:signout()">Sign Out</a></p>
    <script>
      const options = {
        client_id: '446226057240-41tsd2s8h2bmpn0nfg6m78sd6t11edh7.apps.googleusercontent.com',
        scope: 'https://www.googleapis.com/auth/drive',
        ux_mode: 'popup',
        hosted_domain: 'bytelondon.com'
      }

      function startup() {
        gapi.load('auth2', async () => {
          console.log(window.location)
          await gapi.auth2.init(options)
          const auth = gapi.auth2.getAuthInstance()
          if (auth.isSignedIn.get()) {
            document.getElementById('app').innerHTML = 'You’re all ready to go.'
          } else {
            const auth = gapi.auth2.getAuthInstance()
            const code = await auth.grantOfflineAccess(options)
            const xhr = new XMLHttpRequest()
            const qs = new URLSearchParams({ code: code.code })
            xhr.open('GET', window.location.origin + '/verify?' + qs.toString())
            xhr.onload = () => console.log(xhr.responseText)
            xhr.send()
          }
        })
      }

      function signout() {
        gapi.load('auth2', async () => {
          await gapi.auth2.init(options)
          const auth = gapi.auth2.getAuthInstance()
          auth.signOut()
          document.getElementById('app').innerHTML = 'You’re signed out.'
        })
      }
    </script>
  </body>
</html>

index.js

const express = require('express')
const fs = require('fs')
const { OAuth2Client } = require('google-auth-library')

const app = express()
const port = 3000

const credentials = JSON.parse(fs.readFileSync('./client_secret.json', 'utf-8'))
const client_id = credentials.web.client_id
const client_secret = credentials.web.client_secret
const redirect_uris = credentials.web.redirect_uris
const HD = 'bytelondon.com'

app.get('/', (req, res) => res.sendFile(__dirname + '/index.html'))
app.get('/verify', (req, res) => {
  let { code } = req.query

  if (!code) return res.status(403).send({ error: 'missing code' })

  const uri = redirect_uris.find(uri => uri.startsWith('http://localhost:3000'))
  console.log('using redirect', uri)
  if (!uri) return res.status(403).send({ error: 'invalid origin' })

  const client = new OAuth2Client(client_id, client_secret, uri)

  client.getToken(code, (err, token) => {
    if (err) {
      console.error(err)
      return res.status(403).send({ error: 'bad code' })
    }

    client.verifyIdToken({ idToken: token.id_token, audience: client_id }, (err, login) => {
      if (err) {
        console.error(err)
        return res.status(403).send({ error: 'invalid token' })
      }

      const payload = login.getPayload()
      if (payload.hd !== HD) return res.status(403).send({ error: 'invalid domain' })

      res.send({ success: true })
    })
  })
})

app.listen(port, () => console.log(`Example app listening on port ${port}!`))

package.json

{
  "name": "google-sign-in",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "start": "node index.js",
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "^4.16.4",
    "google-auth-library": "^3.1.2"
  }
}