Implementing Google Authentication With Node JS
- Published 14 Oct 2024
- Hi guys.
In this video we will be looking at implementing Google authentication with a Node JS application. Thanks for watching.
The code can be found here: github.com/con...
Thanks for watching
conor
Conor, Very Good video. It took me four tries but I finally got it. You did a great job, you explained things well. Yeah you made a few errors, but that just showed me you are human and real. Thanks for keeping it real. Most tutorials are so perfect that it brings a person's confidence down, you kept mine up. Be PROUD my friend.
Hey Gary! Really appreciate the comment bud. Yeah it took me a while to get my head around user authentication. It’s never straightforward to implement and I found that the google docs seem to miss out important steps. It took me a few days to initially work out how to get it working. One of the reasons I make these videos is that I will probably find myself watching it in the future to see how I got it working haha. Thanks again mate.
@ConorBailey I'm trying to incorporate it into my project...not an easy task. Thank you again
Some thoughts:
1) The content in this is absolutely excellent- thanks
2) If I didn't need glasses before, I do now. Please try to figure out a way to increase the resolution of the screen capture you're doing, it's so painful to read code on a grainy screen
3) You make a few mistakes along the way- no need to apologise for this. Every YouTube coder does this and the really good ones just don't really care- stupid mistakes are so normal they're barely worth noticing, particularly when they get fixed immediately, like in your video. Seeing you make mistakes also helps more junior coders realise they're not as big an idiot as they probably think
4) It would be *really* helpful to have a git link or medium link (or any link) where we can get your code. Having to jump around and pause the video is a pain in the ass when I want to figure out how each part connects to another
5) Again, thanks for the content- I've been trying to find someone who shows how to implement user sessions for a while and this is the first video that made sense, I hope you get more views and subs.
Hey Seán! Thank you so much for the amazing feedback mate! Really appreciate that! Will definitely look into the screen resolution to make it easier to read. Will also post the code in the description in future videos as well as add time stamps to videos. I have added the code for this video in the description now if you need it. Thanks again mate. These comments are super helpful! All the best!
@ConorBailey ah you legend- thanks a lot. Best of luck with the rest of your videos, looks like you already have good content to explore
Great video Conor. Thanks for creating it. One of the very few videos that helped me understand this very accurately. Two questions I have --
1. Why would you want to signOut at 32.43? Wouldn't signing out of Google also make the JWT token that we had received from Google invalid, so that when we check that token on the node server using the client.verifyIdToken method it will result in an issue?
2. At 26.15 you mentioned sub. Is the value of sub the same for a Google profile across different client IDs? I want to consolidate users across two different web applications using Google sign in
Thank you, Conor! I need the same strategy but in a different context with a different tech stack - yet this clarified all the steps I need including generating ID token on front-end, sending it to my backend, validating it, and then storing it somewhere (eg. cookies). Really appreciate your time!
Really useful. Sadly much of your code has just been deprecated by Google but if you plug in what's in the new documentation your solution works. A great video. Many thanks.
This was exactly what I needed.
I really like that you do your best to explain why you do what you do step by step.
You deserve a lot more subs.
Keep up the good work.
Bro, whenever I click on sign in, why is it not showing images and name?
Please help me
It's not working anymore, some deprecation message keeps popping up in the console, and after logging in to google, the console doesn't show the email id, and other profile information.
Hi, thanks for the tutorial. One question: as I understand it, the idToken needs to be refreshed (after 1 hour of expiration). I cannot see this in your tutorial. Did you miss it or am I wrong and the idToken does not have to be refreshed? Thanks, Jan
Also, you need to set certain attributes/properties on the cookie, i.e. SameSite, to prevent CSRF attacks and user accounts being compromised. It doesn't need to be refreshed. You can set an expiry on the cookie by using the maxAge property and specifying in milliseconds how many days you want it to be active.
Honestly such a great video. For some reason, user authentication is one thing I find I struggle with and takes a lot of reading docs & playing around with to get right, which I'm yet to do on my own, so this is much appreciated! Thank you!
One thing though, I'm not sure if it's an error on my end, but the protected route can still be accessed after logging out by simply pressing the back button, as can the dashboard page. How would you suggest getting around this? Or what have I potentially missed?
Hi mate. Thanks so much for watching and for your comment. And yes authentication is a pain to implement. Took me a while to figure this out to be honest as the google docs can be quite vague sometimes.
Regarding your issue this has come up in the comments previously. You will need to clear the browser cache for that route. Check @tito tabs comment in this comment section where he posted the code he used to fix the issue. I hope this helps. Let me know if it doesn’t. Thanks again.
@ConorBailey Thanks for pointing me towards that! I actually found that solution didn't work for me initially, but after reading the docs, the syntax just needed tweaking as res.set needs to take an object etc. I'll leave my solution here and under the previous comment, in case it helps anyone in future:
"res.set({
'Cache-Control': 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'
})"
@Super_Shaq nice one bud. Glad you got it sorted 👍
Thanks for the video. There are really rare resources about Google OAuth without Passport.js.
Just a quick feedback; you don't need to explain some stuff like what nodemon is, what express is etc. You can assume that the audience already knows about it and mention the prerequisites in the beginning of the video.
Thanks again!
What's the difference between implementing Google Sign In (or now called Sign In With Google) over using PassportJS? If I wanted to implement another provider as well, is it a matter of simply implementing the other provider Auth as well?
you are amazing bro. Your method of teaching is very very impressive and outstanding.
Thanks for the video! Why are you calling signOut(); after successfully login in login.ejs page?
thanks for video. one thing is always question to me is that how to combine this with manual sign up process. so imagine in mongo db we have to store user data and app should be authenticated with jsonweb token. so google has its own expiry time for its token and also if user once login with its manual user also have one auth as jsonwebtoken. so how do u approach to store and unify this process. tnx
the way you described jwt-token is amazing
Hello Conor, Thank you very much for sharing your knowledge, I need that authentication in a test for a job. I am very happy, now I can do it. Thanks again :)
Hello, I am new to node and I have a noob question to ask. I have set up my own register/login with emails on my app and my users have to provide a password to log in and the password field is required in my user model. But how do I integrate/add the google users into my database? Do I have to create another model and collection for google users?
Thanks Conor I'm looking for this like ages
Glad it helped mate
Muchas gracias bro! I was looking for how to do it for one week 😅
Would it be possible for me to combine this with the output from your NodeMailer video, so that I wouldn't need to tell the transporter user to toggle the Less secure app access? Instead of typing the transporter's username and password in the code, it would just be input in the google authentication sign in?
Perfect video, man! Thanks from Brazil.
Great video, very clear and easy to follow. Thanks a lot Conor !
Whenever I click on sign in, why is it not showing images and name?
Please help me
The library will be deprecated on 31 March 2023. So can you make a tutorial video again with the new version?
Love you bro, from HCMUS with love
Does every platform have its own way of authentication e.g. is LinkedIn, Twitter, Facebook authentication very different from this or are they pretty much similar? I’m thinking of giving the user options like Log in with LinkedIn or Twitter or Facebook or gmail
they are all fairly similar
thanks.....but i have a doubt that what will be the validity of that id_token?
Man a lot of thanks for the great content! Sorry to tell but that British accent kills me.. 😅 better understanding guys from India speaking English..
I’ve found that the idTokens from Google expire after an hour. Seems like currently the user would have to log in again every hour, given the verify func in checkAuthenticated would fail due to expired idToken. How would you handle this?
Hey Nicholas. Cheers for watching. I’ll have to take a look into this. Looks like there are refresh tokens which should fix your issue. stackoverflow.com/questions/8953983/do-google-refresh-tokens-expire I’ll have a dig around and get back to you. Cheers
@ConorBailey Thanks for the reply! Would love to know what you come up with, scratching my head trying to figure it out myself.
hey is this outdated?
can't we use passport for this?
Thank you for the tutorial! Really good explained.
Thank you so much sir Very helpful.
Thanks , man! U help me a lot!
PERFECT. Thank you very much!!
Thanks for the tutorial captain!
06:30 Ejs | View engine
09:06 Set up google API
Awesome tutorial! Is there a way to use google auth without using the browser? for example if I wanted to get info from one of the Google APIs directly from a Cloud Function would that be possible?
Hi mate. Sorry for the delayed response. Yes this should be possible. You will just need to feature the token in the authorisation headers with your request.
after clicking credential app when we should use oauth id and when we should we api key???? plz ans this
Keep it up, you are best!!
It was very helpful. Thank you for making this lecture.
It was an excellent explanation and a great video. Congrats.
Thanks Leonardo! Glad it helped you mate.
Very helpful I appreciate your time Thank you
After the verify function I can't send cookies (post request)....I wrote the exact code but I didn't get session-cookies in the console... please help me out... thank you
Thanks man, Nice explanation
Very helpful. I appreciate your time
good one dude ..keep it up ... please add Time Stamp ..Thank You!!
Hey Conor, great vid we should collab !
Great explanation! Thanks
Nice one! Glad it helped bud.
@ConorBailey Do you have a tutorial on facebook auth with node.js ?
Hello! Please, can you Implementing Google Authentication With Node JS in actuality? Because got obsolete. Thanks!
Thank you Very much it really helped!!
When you called signOut() after successful login, the session_token got cleared, but you were still able to navigate to the protectedRoute page.
Awesome video +++++++ 😃
Great video mate. Thanks! :)
Thanks Karan! Glad it helped!
WELL DONE, man!
can you share the GitHub link of this code?
Here you go mate: github.com/conorbailey90/Google-Auth
@ConorBailey Thank you so much!
Good Video, the best !
great video! Thank you so much
It's giving an error. Can anyone tell how to remove this error: Cross-Origin-Opener-Policy policy would block the window.closed call.
I followed this tutorial and was able to create a version of my own but I am having some issue after clicking sign out, redirected to the login page, if I press back on the browser I can still access the dashboard
Hmm that’s strange. Did you clear the cookie?
Just checked and yes this is an issue. Will have to look into this! Thanks for the heads up! I found this SO thread which may be of use.
stackoverflow.com/questions/10511893/prevent-back-button-after-logout
@ConorBailey I was able to fix it by adding this "res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');" on the route for dashboard. It was the browser cache that allows the access to back page. Thank you
@TitoTabs legend. Thanks for that bud! Much appreciated!
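Added example, not code from the video or its repository: the cookie attributes suggested in the SameSite comment and the Cache-Control fix from the two back-button threads, written as Express-style handlers. The helper names, the '/login' path and the fakeRes stand-in are assumptions made for illustration; 'session-token' is the cookie name quoted in the comments.

```javascript
const SESSION_COOKIE = 'session-token';   // cookie name quoted in the comments
const ONE_HOUR_MS = 60 * 60 * 1000;       // commenters report ID tokens expire after an hour
const cookieOptions = {
  httpOnly: true,      // page JavaScript cannot read the token
  secure: true,        // HTTPS only (assumes the site is served over HTTPS)
  sameSite: 'lax',     // withheld from cross-site POSTs and subrequests
  maxAge: ONE_HOUR_MS, // Express takes maxAge in milliseconds
};

// Call only after the ID token has been verified on the server.
function setSessionCookie(res, idToken) {
  res.cookie(SESSION_COOKIE, idToken, cookieOptions);
}

// Protected-route middleware: an unstored page cannot be replayed by Back after logout.
function noStore(req, res, next) {
  res.set({ 'Cache-Control': 'no-store, private', Pragma: 'no-cache', Expires: '0' });
  next();
}

// Logout: clear the cookie with the attributes it was set with (minus maxAge).
function logout(req, res) {
  const { maxAge, ...attrs } = cookieOptions;
  res.clearCookie(SESSION_COOKIE, attrs);
  res.redirect('/login'); // assumed login path
}

// Constructed stand-in for an Express response so the handlers run without a server.
function fakeRes() {
  const log = { headers: {}, cookies: {}, cleared: {}, redirect: null };
  return {
    log,
    set(obj) { Object.assign(log.headers, obj); },
    cookie(name, value, opts) { log.cookies[name] = { value, opts }; },
    clearCookie(name, opts) { log.cleared[name] = opts; },
    redirect(path) { log.redirect = path; },
  };
}

function demo() {
  const res = fakeRes();
  let nextCalled = false;
  setSessionCookie(res, 'constructed-id-token');
  noStore({}, res, () => { nextCalled = true; });
  logout({}, res);
  return { ...res.log, nextCalled };
}

console.log(demo());
```

In a real Express app these would be mounted as, for example, app.get('/dashboard', checkAuthenticated, noStore, handler), with checkAuthenticated being the tutorial's own middleware.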
Can i use jwt to verify the access token?
Is it possible to implement on flutter?
Excellent video!
Why is your client_secret visible in the code?
xhr =)) the first time of my life of JS dev I've seen someone using XHR -_-
Conor Bailey goes ttuu tuu tuu tuushhh...
Hahaa. Yeah sorry no idea why I do that. 😅
it's not giving name and picture now. What happened all of a sudden?
thank you so much, perfect video
Glad it helped you out mate!
@ConorBailey I only do it using httpserver. How do I use the checkAuthenticated function? When the client sends a request, does it send with a cookie? If not,
let token = req.cookies['session-token']; How is it going to be
How to implement same in electron js?
good work buddy
Thanks a lot mate.
How to test these APIs on postman?
Great video bro
Thanks mate!
Why don't you use 'dotenv' for storing client ID
if we want to hide the client_id , then it should be hidden in the ejs file also. But we cant hide it via these .env file. So how can we manage it ??????
Hi sir. Please see this stack Overflow post which explains why we do not need to hide client IDs.
stackoverflow.com/questions/34833820/do-we-need-to-hide-the-google-oauth-client-id
There’s also a Quora explanation link in the response to the SO question. Cheers.
@ConorBailey Thanks buddy ; great help.
I really forgot the fact that we mentioned the authorized js origin in our credential tab.
I have been having the following error, and none of the solutions on google seem to be helping. Any Ideas? Not a valid origin for the client: localhost has not been whitelisted for client ID
hi mate. Did you add localhost to your authorised JS origins in the google console? See 10:10 of the video.
@ConorBailey Thanks for the quick reply! I have added that along with enabling the analytics API as suggested on google. No luck, unfortunately.
@ConorBailey I deleted everything and added it back. Seems to be working after trying 5 times. Not sure what changed but thanks for the help!
@CameronL awesome. Glad you got it working Cameron!
I am getting error 400 invalid request please answer me..!!
This would have been a better vid without EJS, that just makes the video too specific to that one templating engine.
Thank you!
Cheers mate!
Warning everyone - this is now deprecated
😢 so it doesn't work?
What is deprecated? The whole concept from the video? Or what
i'm wondering if it is really free?
Sorry what’s free?
@ConorBailey is google sign-in a free service??
@rosalyna_24 yes it is 👍
@ConorBailey thank you so much for answering me
@rosalyna_24 thanks for watching 😀
Wrong example in your github, that doesn't work.
Deprecated
Please tell me
i just have look u just tell much about google auth2
You’re pronouncing ‘route’ wrong lol
😁
Thank you!
Thanks for watching Nathan 👍
Deprecated