Passport + Google OAuth2 + AWS Cognito

[silviopaganini]

Hi there

I'm getting this NotAuthorizedException: Invalid login token. Not a valid OpenId Connect identity token.

when trying to use the accessToken you return to create an Identity on Cognito, any ideas?

I found on AWS forum this

UPDATE: Finally figured out the issue. The token I was using was incorrect. It should be id_token that is returned from Google and not the access_token or refresh_token. 

any ideas of what that could be or how it could be fixed?

thanks!

[bwlt]

Found a solution! The correct token to use is not the standard accessToken inside the verify function (second argument) of the strategy:

passport.use(new GoogleStrategy({
    clientID:     GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL:  CALLBACK_URL,
  },
  (accessToken, refreshToken, params, profile, done) => {
    process.nextTick(() => done(null, {
      accessToken,
      refreshToken,
      idToken: params.id_token,
      profile
    }))
  }
))

you can find the correct token id_token in the params argument.

Hope it helps

[ashishnumino]

thanyou @bwlt It helped me

[tsamaya]

thank you @bwlt it helped me

[ahummel25]

I still get this error. I don't see params being passed back in the Google Strategy callback. Any ideas?

[Jukakombo]

Wow it works perfect

[Jukakombo]

passport.use(new GoogleStrategy({ clientID: process.env.CLIENT_ID, clientSecret: process.env.CLIENT_SECRET, callbackURL: "", userProfile:"https://www.googleapis.com/oauth2/userinfo" }, function(accessToken, refreshToken, profile, cb) { User.findOrCreate({ googleId: profile.id }, function (err, user) { return cb(err, user); }); } ));