As a student I want to use my school’s google account to sign into codesparks.org

[Vektorised]

Point Value: 3

Acceptance Criteria:

• Users should be able to log in to their code-sparks account using their Google credentials.
• Users should be taken to their code-sparks homepage upon signing in.

Tasks:

• [x] Create a "Sign In With Google" button following their guidelines.
• [x] Add responsiveness to button to direct user to Google's sign in services
• [x] Establish a connection with Google Identity
• [x] Send and receive login tokens from Google Identity
• [x] Communicate with Code-Sparks to sign user in

[Vektorised]

• Created init to link app with Google Identity using client ID
• Added Google button using the Google Client Library (imported in app index.html)
• Modified original "handleLogin" to use const vars from input fields
• Added callback to handle log-ins using google
• Added functionality to verify integrity of Google token response

Notes: As per Google's documentation, the unique intentifier (sub field of returned token) should be the only identification for the app. The email should not be used as a user could change their email on Google. This identifier is unique for each Google account and never changes. However, the current sign in procedure uses an axios POST with an email and password to identify the user and start a user session.

• Currently still uses returned email and a hardcoded password to demonstrte functionality of sign in.
• Need to figure out a way to store the unique ID (sub field) for the user to pull from database.

[Vektorised]

Current State:

• Thoroughly comment code to ensure transparency for external users.
• Retested sign in features using Google accounts with and without access permissions in the Google Cloud Console.
• Made clear state of sign in with the current implementation still using an email instead of Google ID as mentioned above.

Next Steps:

• [x] Work with the accounts team to implement additional field for user accounts to hold a registered Google ID.
• [x] Rework the account retrieval to fetch user account for sign in using the unique Google ID as the only identifier.
• [x] Diagnose issues with OAuth client initialization to prevent loading failures.

[Vektorised]

Wrap-Up:

• Added field within the user account to accept a Google UID.
• Worked with Darian to implement his custom OAuth API to verify Google tokens.
• Users are now able to sign in through Google and the server retrieves the account using on the Google UID.

[darianuriarte]

Testing Overview:

Initial Setup and Functionality Testing: We initiated the process by linking our application with Google Identity using a client ID and incorporating a "Sign In With Google" button following Google's guidelines. Our team modified the existing "handleLogin" function and integrated a callback to manage log-ins via Google. We conducted several tests to ensure the basic functionality worked correctly. Token Integrity and Security Testing: We implemented a mechanism to verify the integrity of the Google token response, a critical step to ensure the security and authenticity of the login process. This was crucial for maintaining the integrity and reliability of the user authentication process. Account Retrieval Methodology: Initially, our implementation used a returned email and a hardcoded password for demonstration purposes. Recognizing the need for a more secure approach, we decided to transition to using the unique Google ID (sub field) for user identification, in line with Google's recommendations. Comprehensive Sign-In Testing: We rigorously retested the sign-in features using various Google accounts, including those with differing access permissions in the Google Cloud Console. This step was vital to ascertain the effectiveness of our implementation under various scenarios and user types. OAuth Integration and UID Management: In collaboration, we implemented a custom OAuth API to verify Google tokens and introduced a field within the user account model to accommodate a Google UID. This allowed us to test and confirm that users were able to sign in through Google and that our server efficiently retrieved accounts based on the Google UID.