Update OAuth2-Backend-Approach.md

Ste Vaidis 2025-01-08 09:44:02 +02:00
parent 56fa9943b4
commit 55ab14313b


@ -141,10 +141,15 @@ Set-Cookie: access_token=ya29.a0AfH6SMC8Op6zkVX-VoA; HttpOnly; Secure; Max-Age=3
```js ```js
app.get('/callback', async (req, res) => { app.get('/callback', async (req, res) => {
try { try {
//
// 1. Get the authorization code from Google's redirect // 1. Get the authorization code from Google's redirect
//
const { code } = req.query; const { code } = req.query;
//
// 2. POST the authorization code to Google // 2. POST the authorization code to Google
//
const tokenResponse = await fetch('https://oauth2.googleapis.com/token', { const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
method: 'POST', method: 'POST',
headers: { headers: {
@ -159,10 +164,14 @@ app.get('/callback', async (req, res) => {
}), }),
}); });
//
// 3. Get Response tokens from Google // 3. Get Response tokens from Google
//
const { access_token, refresh_token } = await tokenResponse.json(); const { access_token, refresh_token } = await tokenResponse.json();
//
// 4. Redirect to Fronend success page with a cookie contains the access token // 4. Redirect to Fronend success page with a cookie contains the access token
//
res.cookie('access', access_token, { res.cookie('access', access_token, {
httpOnly: true, // Cannot be accessed by client-side JavaScript httpOnly: true, // Cannot be accessed by client-side JavaScript
secure: true, // Only sent over HTTPS secure: true, // Only sent over HTTPS