passport-oauth2
Cannot use 'postmessage' as the callback url
On the client side, I'm using gapi to grab an authorization code from google and then passing that code to passport-google-oauth via a REST service.
Google is expecting passport to get an access token, by setting the callback to 'postmessage', otherwise a "redirect_uri_mismatch" error is returned (and yes all of my settings are correct in Google's console). Unfortunately, the authenticate method on lines 140-148 (of passport-oauth2/lib/strategy.js) sees 'postmessage' as a relative url and changes it by calling url.resolve().
My question is, can I implement this change and forward over a pull request, or is this not something you see as an issue?
What's the benefit to splitting this between the client and server and passing a code between the two? Why not just handle it all from the server-side?
Well, I'll describe my use case and let you tell me if there is a better way to handle it.
I'm working on a single page app using angular, which displays a Google login popup window using gapi. After the user logs into Google they must allow the app access to their identity. That then passes the auth code to the server via ajax.
Implementing it in this fashion allows Google login without having to redirect the page. To my knowledge I'm not aware of a way to handle this only on the server side without redirects. I may be missing something though.
Pull request has been created when you have time: https://github.com/jaredhanson/passport-oauth2/pull/52
+1
@jaredhanson This is a pretty common thing with SPAs. It's often better UX to do a brief popup window and pass the code to the server.
I've encountered this issue as well. How come this issue has stayed open for about 4 years??? This issue should be merged as soon as possible.
I'm building the SPA front-end page with React using react-google-login; when the user clicks on the Google sign-in button it will pop up a new window with the sign-in page. The one-time authorization code is returned by Google after the user successfully signs in.
(Here's the point)
I want to pass this authorization code to my Node.js backend and authenticate with passport; once it's done I can return something like res.status(200).json({ message: 'success' }), just like when we build a RESTful API.
To achieve this, we need to set the callbackURL to 'postmessage' instead of something like 'http://localhost:3000/v1/auth/postmessage', otherwise, a "redirect_uri_mismatch" error is returned!
@jaredhanson Please take a look and fix this, thanks!
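Added example, not part of the thread and not passport-oauth2's own code: a sketch of the behaviour reported above, where a scheme-less callback value is resolved against the request URL, next to a variant that exempts only the exact string 'postmessage'. The function names and the sample request URL are assumptions, and the WHATWG URL constructor stands in for the legacy url.resolve() named in the report (both give the same result for these inputs).

```javascript
// Constructed sample: the URL of the request that carries the auth code.
const REQUEST_URL = 'http://localhost:3000/v1/auth/google';

// Sentinel redirect_uri used by the popup flow described in the thread.
const POSTMESSAGE = 'postmessage';

// True when the value parses as an absolute URL on its own.
function isAbsolute(value) {
  try {
    new URL(value);
    return true;
  } catch {
    return false;
  }
}

// Reported behaviour: anything without a scheme is treated as a relative
// URL and resolved against the current request URL.
function resolveCallback(callbackURL, requestURL) {
  return isAbsolute(callbackURL)
    ? callbackURL
    : new URL(callbackURL, requestURL).href;
}

// Hypothetical variant: only the exact sentinel is passed through, so every
// other relative value is still resolved to an absolute URL as before.
function resolveCallbackKeepingSentinel(callbackURL, requestURL) {
  if (callbackURL === POSTMESSAGE) return callbackURL;
  return resolveCallback(callbackURL, requestURL);
}

// The redirect_uri in the token request has to equal the one used when the
// code was issued; any difference produces redirect_uri_mismatch.
function redirectUriMatches(usedByClient, sentByServer) {
  return usedByClient === sentByServer;
}

const resolved = resolveCallback(POSTMESSAGE, REQUEST_URL);
const kept = resolveCallbackKeepingSentinel(POSTMESSAGE, REQUEST_URL);
console.log(resolved, redirectUriMatches(POSTMESSAGE, resolved)); // mismatch
console.log(kept, redirectUriMatches(POSTMESSAGE, kept));         // match
```

The exemption is an exact string comparison, so a value such as 'postmessage/../x' is still resolved rather than forwarded verbatim as redirect_uri.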