4.3 KiB
4.3 KiB
Google OAuth Login Setup Guide
Overview
This project has integrated Google OAuth login functionality, supporting user authentication through Google accounts.
Environment Variable Configuration
Add the following configuration to your .env file:
# Google OAuth Configuration
GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret
GOOGLE_REDIRECT_URI=http://localhost:7130/api/oauth/google/callback
Google Cloud Console Setup
- Visit Google Cloud Console
- Create a new project or select an existing project
- Enable Google+ API and Google Identity API
- Create an OAuth 2.0 Client ID in the "Credentials" page
- Configure authorized redirect URIs:
- Development environment:
http://localhost:7130/api/auth/oauth/google/callback- Production environment:
https://yourdomain.com/api/auth/oauth/google/callback
- Production environment:
API Endpoints
1. Get Google OAuth Authorization URL
Endpoint: GET /api/auth/v1/google-auth
Parameters:
redirect_url: Redirect URL after successful login
Response:
{
"success": true,
"data": {
"auth_url": "https://accounts.google.com/oauth/authorize?..."
}
}
Example:
curl "http://localhost:7130/api/auth/v1/google-auth?redirect_url=http://localhost:7131/dashboard"
2. Google OAuth Callback Handling
Endpoint: GET /api/auth/oauth/google/callback
Parameters:
code: Authorization code returned by Googlestate: State parameter (optional)
Process:
- Receive Google authorization code
- Exchange for access token and ID token
- Verify ID token and retrieve user information
- Find or create user record
- Generate JWT token
- Redirect to specified URL with token information
Redirect URL Format:
{redirect_url}?token={jwt_token}&user_id={user_id}&email={email}&name={name}
User Flow
New User Registration
- User clicks "Sign in with Google"
- Redirect to Google authorization page
- After user authorization, system creates new user record:
- Create basic authentication record in
authtable - Create Google identity record in
identifiestable - Create user profile record in
profilestable
- Create basic authentication record in
- Return JWT token and user information
Existing User Login
- User clicks "Sign in with Google"
- Redirect to Google authorization page
- After user authorization, system:
- Searches for user in
identifiestable byproviderandprovider_id - Updates
last_login_attimestamp
- Searches for user in
- Return JWT token and user information
Email Association
- If user already exists but not associated with Google account, system will automatically associate
- If Google account is already associated with another user, an error will be returned
Frontend Integration Example
// 1. Get authorization URL
const response = await fetch('/api/auth/v1/google-auth?redirect_url=/dashboard');
const { auth_url } = await response.json();
// 2. Redirect to Google authorization page
window.location.href = auth_url;
// 3. Handle returned token in callback page
const urlParams = new URLSearchParams(window.location.search);
const token = urlParams.get('token');
const userId = urlParams.get('user_id');
if (token) {
// Store token
localStorage.setItem('auth_token', token);
// Navigate to main page
window.location.href = '/dashboard';
}
Error Handling
Common error codes:
MISSING_FIELD: Missing required parametersINVALID_CREDENTIALS: Google token verification failedALREADY_EXISTS: User already exists
Security Considerations
- Ensure
GOOGLE_CLIENT_SECRETenvironment variable is stored securely - Use HTTPS in production environment
- Validate redirect URL legitimacy
- Regularly rotate JWT keys
- Monitor abnormal login activities
Troubleshooting
-
"Invalid redirect_uri" Error
- Check redirect URI configuration in Google Cloud Console
- Ensure it matches the
GOOGLE_REDIRECT_URIenvironment variable
-
"Invalid client" Error
- Verify
GOOGLE_CLIENT_IDandGOOGLE_CLIENT_SECRETare correct - Ensure necessary APIs are enabled in Google Cloud Console project
- Verify
-
"Token verification failed" Error
- Check network connectivity
- Verify Google API service status
- Confirm client ID configuration is correct