stevaidis/dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update OAuth2.md

Browse Source
This commit is contained in:
Ste Vaidis 2024-12-15 12:47:21 +02:00
parent d25d5b9abc
commit 5a762a2de4
1 changed files with 22 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
OAuth2.md
View File

@ -322,17 +322,31 @@ fetch('/api/user-profile', {
# 5. [Backend] Fetch User Data
If you want to fetch the user profile data (e.g., from Google), your backend can use the `access_token` to request it from Googles user info endpoint.
With the access token obtained in the previous step,
your platform can now use it to fetch the user's Google profile and email information.
The token is included in the Authorization header of the request.
<details>
<summary><h3>HTTP Request</h3></summary>
```bash
```sh
GET https://www.googleapis.com/oauth2/v3/userinfo
Authorization: Bearer access-token-from-backend
Authorization: Bearer ya29.a0AfH6SMC8Op6zXZkHi2XITkDoOVzYXt3hTY6sny54UlWlxrnKlX5Xv78is7BEHekVX-VoA
```
- URL: https://www.googleapis.com/oauth2/v3/userinfo
- HTTP Method: GET
- Headers:
- Authorization: Bearer {access_token}: The access token obtained in step 5.
</details>
<details>
@ -352,6 +366,8 @@ Authorization: Bearer access-token-from-backend
}
```
</details>
<details>
@ -384,6 +400,9 @@ app.get('/api/user-profile', async (req, res) => {
# 6. [Backend] Token Expiry and Refresh (Optional)
If the access token expires,
@ -458,109 +477,3 @@ app.post('/api/auth/refresh-token', async (req, res) => {
<br><br><br><br><br><br><br><br><br>
```sh
GET https://xorismesiti.gr/callback?
code=4/0AX4XfWgNmGZVbV7Kdr8Q9yVyzIYBnbbBdLfX39ZaE8m0w8zT8jKRLl7w-uT8k7WiyLg0Q&
state=xyz123
```
- `HTTP` Method: GET
- `URL`: https://xorismesiti.gr/callback
- `Parameters`:
- `code`: The authorization code sent by Google.
- `state`: The same state value sent in the original request (for CSRF protection).
# 4. Access Token Request (Exchange Authorization Code for Token)
Now your platform can use exchange the authorization code for an access token and refresh token.
# 5. Access Token Response (Google Returns Tokens)
1. Google validates the request
2. and returns a response with the access token (which can be used to access the user's Google resources)
3. and optionally, a refresh token (which can be used to refresh the access token when it expires).
```json
{
"access_token": "ya29.a0AfH6SMC8Op6zXZkHi2XITkDoOVzYXt3hTY6sny54UlWlxrnKlX5Xv78is7BEHekVX-VoA",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "1//04d5XHqmn6Hdy3wTf5OYDP1SyBa74zEFURjddQ2A1cFw78PY13pQyWhlD2A6XhDQtKlrjAqU4kS3vGdMvckw",
"scope": "email profile"
}
```
- HTTP Method: 200 OK
- Response Body:
- access_token: The access token used for accessing the user's resources (e.g., profile, email).
- token_type: Usually Bearer, indicating the type of token.
- expires_in: The lifetime of the access token in seconds (e.g., 3600 seconds = 1 hour).
- refresh_token: (Optional) The refresh token used to obtain a new access token when the current one expires.
- scope: The scope of access granted (e.g., email, profile).
# 6. Access Protected Resources (Fetching User Profile Data)
With the access token obtained in the previous step,
your platform can now use it to fetch the user's Google profile and email information.
The token is included in the Authorization header of the request.
- URL: https://www.googleapis.com/oauth2/v3/userinfo
- HTTP Method: GET
- Headers:
- Authorization: Bearer {access_token}: The access token obtained in step 5.
**Request:**
```sh
GET https://www.googleapis.com/oauth2/v3/userinfo
Authorization: Bearer ya29.a0AfH6SMC8Op6zXZkHi2XITkDoOVzYXt3hTY6sny54UlWlxrnKlX5Xv78is7BEHekVX-VoA
```
**Response**
```json
{
"sub": "1234567890",
"name": "John Doe",
"given_name": "John",
"family_name": "Doe",
"profile": "https://plus.google.com/1234567890",
"picture": "https://lh3.googleusercontent.com/a-/AOh14GgIXXl5JXzW0c1Szbl-e1Jch1vhl5rHhH65vlK6J5g5PqkGjj1O0p3t8bgVEOykQ6ykFSQ=s96",
"email": "john.doe@example.com",
"email_verified": true,
"locale": "en"
}
```