Introduction
I am working with open authentication for Google so that users can log in using Google authentication. I am using the passport-google-oauth2 package for Node.js.
The code is working great except for one thing: I have been sending the state variable but getting a different state value back. At first I thought that it might be some configuration issue. After reading about the state param since yesterday, I think I might have the wrong configuration.
Web Framework: Koa.js
Code Auth
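    const passport = require('koa-passport'); // assumption: koa-passport, since the app uses Koa
    const GoogleStrategy = require('passport-google-oauth2').Strategy;
    const base64url = require('base64url');

    passport.use(new GoogleStrategy({
        clientID: 'xxxxxxxxxxx.apps.googleusercontent.com',
        clientSecret: 'xxxxxxxxxxxxxxxxxxxxxx',
        callbackURL: 'http://localhost:5000/auth/callback/google',
        passReqToCallback: true,
        response_type: 'token',
        scope: "openid profile email",
        // Static value, evaluated once when the strategy is constructed
        state: base64url(JSON.stringify({blah: 'test'})),
        accessType: 'offline'
      },
      function(request, accessToken, refreshToken, profile, done) {
        if (accessToken) {
          // Debug output only: these lines write the tokens to the console
          console.log('-------request--------??', request);
          console.log('-------accessToken--------??', accessToken);
          console.log('-------refreshToken--------??', refreshToken);
          console.log('-------profile--------??', profile);
          console.log('-------authenticated-------');
          // `user` was undefined in this scope; pass the profile on instead
          done(null, profile);
        }
        else {
          console.log('-------not authenticated-------');
          done(null, false);
        }
      }
    ));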
In the redirect I am getting all params in the query string, but the state variable has a different value.
Sample QueryString
    {
      state: 'T3Lx3XvvSlsGitbNqlCM8CEB',
      code: '4/AABGuKCh3Sp0kv2eWSbYsUEAT4iXA2k9u7o2X_ICw0wchiIq38MofOuTmx_yGQSXAFn7iAq9meZXUKRh0qVOAv0',
      authuser: '0',
      session_state: 'af3af7767c5501d163fa847225b863a9982d76ef..1c9b',
      prompt: 'none'
    }
If anyone has any idea about the problem, kindly help. Thanks for your time.
I have found the answer: in fact, Passport.js sends its own auto-generated state, stored in the session, along with the authenticate call. This is what is later received in the query string of the redirect call from Google.
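
The session-stored state described in the answer is what ties the callback to the browser that started the login. The following is an added example, not code from the original post or from passport: it shows one way to keep that check and still carry application data such as {blah: 'test'} through the state parameter. The names createState, verifyState, demo and session.oauthNonce are hypothetical, and session stands for any per-user server-side session object (for example ctx.session in Koa).

```javascript
const crypto = require('crypto');

// Hypothetical helpers, not passport's API.
// Before redirecting to the provider: mint a one-time nonce, remember it in
// the session, and pack it together with the application data into `state`.
function createState(session, appData) {
  const nonce = crypto.randomBytes(18).toString('base64url');
  session.oauthNonce = nonce;
  const json = JSON.stringify({ nonce, data: appData });
  return Buffer.from(json, 'utf8').toString('base64url');
}

// In the callback: accept `state` only if its nonce matches the session's.
// Returns the application data, or null when the check fails.
function verifyState(session, state) {
  const expected = session.oauthNonce;
  delete session.oauthNonce; // one-time use, even when verification fails
  if (typeof expected !== 'string' || typeof state !== 'string') return null;
  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(state, 'base64url').toString('utf8'));
  } catch (err) {
    return null; // state did not decode to JSON
  }
  if (!parsed || typeof parsed.nonce !== 'string') return null;
  const a = Buffer.from(parsed.nonce);
  const b = Buffer.from(expected);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  return parsed.data === undefined ? null : parsed.data;
}

// Constructed demo: the originating session verifies once; a replay and a
// different session are both rejected.
function demo() {
  const session = {};
  const state = createState(session, { blah: 'test' });
  const other = { oauthNonce: 'nonce-from-another-session' };
  return {
    sameSession: verifyState(session, state),
    replay: verifyState(session, state),
    otherSession: verifyState(other, state),
  };
}
```

The application data in state is only encoded, not encrypted, so it should not hold anything secret.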