I am using a loopback-component-passport to authenticate users via google OAuth2Strategy. Everything works well except passing the "hd" or "hostedDomain" param to google.
My provider.json looks like this:
{
"google-auth": {
"provider": "google",
"module": "passport-google-oauth",
"strategy": "OAuth2Strategy",
"clientID": "{clientID}",
"clientSecret": "{clientSecret}",
"callbackURL": "http://localhost:3000/auth/google/callback",
"authPath": "/auth/google",
"callbackPath": "/auth/google/callback",
"successRedirect": "/auth/account",
"scope": ["email", "profile"],
"hd": "domain.tld",
"link": false
}
}
...but no "hd" param is passed to google :(.
I already tried the "hack" with "myClientSecret&hd=domain.tld" but all the values are url encoded before passing them and the characters "&" and "=" are therefore encoded and cause error...
dependencies in my package.json:
"cls-hooked": "^4.2.2",
"compression": "^1.0.3",
"cors": "^2.5.2",
"helmet": "^3.12.0",
"loopback": "^3.0.0",
"loopback-boot": "^2.27.1",
"loopback-component-access-groups": "^1.2.0",
"loopback-component-explorer": "^5.0.0",
"loopback-component-passport": "^3.6.0",
"loopback-context": "^3.3.0",
"passport-google-oauth": "^1.0.0",
"serve-favicon": "^2.0.1",
"strong-error-handler": "^2.3.2"
Anyone has some experiences with this? Anyone can help?
Try adding:
"authOptions": {
"hd": "domain.tld"
}
More info: http://loopback.io/doc/en/lb3/Configuring-providers.json.html#oauth-2