I'm currently working on REST API and implementing Authentication using JWT and OAuth for google/Facebook, I managed to get google auth to login and save token in the db my issue is, how to send the token in json response and test it using postman this is example of user route:app.route('/user') .all(app.auth.authenticate()) .get(UserController.findUser) and here my login import jwt from 'jwt-simple'module.exports = app => { const cfg = app.libs.config const Users = app.db.models.Users app.post('/login', (req, res) => { if (req.body.email && req.body.password) { const email = req.body.email const password = req.body.password Users.findOne({where: {email: email}}) .then(user => { if (Users.isPassword(user.password, password)) { const payload = {id: user.id} res.json({ token: jwt.encode(payload, cfg.jwtSecret) }) } else { res.sendStatus(401) } }) .catch(error => res.sendStatus(401)) } else { res.sendStatus(401) } }) app.post('/register', (req, res) => { Users.create(req.body) .then(result => res.json(result)) .catch(error => { res.status(412).json({msg: error.message}) }) }) app.get('/login/google', app.auth.googleAskForPermission()) app.get('/login/google/callback', app.auth.googleAuthenticate()) app.get('/login/google/success', (req, res) => { if (req.user) { res.send(req.user) } else { res.send(401) } }) } and my Auth.jsimport passport from 'passport' import { Strategy, ExtractJwt } from 'passport-jwt' import { OAuth2Strategy as GoogleStrategy } from 'passport-google-oauth' module.exports = app => { const Users = app.db.models.Users const cfg = app.libs.config const params = { secretOrKey: cfg.jwtSecret, jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken() } const strategy = new Strategy(params, (payload, done) => { Users.findById(payload.id) .then(user => { if (user) { return done(null, { id: user.id, email: user.email }) } return done(null, false) }) .catch(error => done(error, null)) }) passport.use(strategy) const googleStrategy = new GoogleStrategy({ clientID: process.env.GOOGLE_AUTH_ID, clientSecret: process.env.GOOGLE_AUTH_SECRET, callbackURL: 'http://localhost:3000/login/google/callback' }, (token, refreshToken, profile, done) => { Users.find({where: {'google.id': profile.id}}) .then(user => { if (user) { return done(null, { id: user.id, email: user.email }) } else { let newUser = { email: profile.emails[0].value, firstName: profile.name.givenName, lastName: profile.name.familyName, password: 'password', google: { id: profile.id, token: token, name: profile.name, email: profile.emails[0].value } } Users.create(newUser) .then(result => done(null, newUser)) } }) }) passport.use(googleStrategy) return { initialize: () => { return passport.initialize() }, authenticate: () => { return passport.authenticate('jwt', cfg.jwtSession) }, googleAskForPermission: () => { return passport.authenticate('google', {scope: ['profile', 'email']}) }, googleAuthenticate: () => { return passport.authenticate('google', {successRedirect: '/login/google/success', session: false}) } } } the problem is req.user is empty during successRedirect, I tried to google the answer but all examples were using express session to serialize the user while I'm trying to use api for mobile app. how to send the google auth token in json response and test it using postman
Submitted September 27, 2017 at 04:06PM by supermedo
No comments:
Post a Comment