search

sahat / megaboilerplate

Handcrafted starter projects, optimized for simplicity and ease of use.
MIT License
3.83k stars 257 forks source link

Google OAuth API Key instructions incomplete #145

Closed plainspace closed 8 years ago

plainspace commented 8 years ago

I can auth in the project with your throw away keys but it doesn't work with the Google client ID and client secret keys generated by your instructions. Does the TOKEN_SECRET in the .env have anything to do with this? Is there anything else that needs to happen on the Google side for this to work?

GET /auth/google/callback?code=4/XXX-XXX-XXX&authuser=0&session_state=XXX..da12&prompt=none 200 16.749 ms - 551

POST /auth/google 500 293.144 ms - 339

Any idea what is going on or what I'm missing?

sahat commented 8 years ago

You will need to add client secret to .env and client id to app/actions/oauth.js inside this function:

// Sign in with Google
export function googleLogin() {
  const google = {
    url: 'http://localhost:3000/auth/google',
    clientId: 'ENTER CLIENT ID HERE',
    redirectUri: 'http://localhost:3000/auth/google/callback',
    authorizationUrl: 'https://accounts.google.com/o/oauth2/auth',
    scope: 'openid profile email',
    width: 452,
    height: 633
  };

You will need to update url and redirectUri if you are going to deploy this project. If you are not planning to add CORS, this is a nice trick to use dynamic URL: 

window.location.origin + '/auth/google'

TOKEN_SECRET is unrelated to Google authorization.

plainspace commented 8 years ago

I did add my client secret to .env and client id to app/actions/oauth.js as per the README.

I am going to deploy in the future (likely need CORS) but running locally now and it is not working when I update my variables. I set them up 3 times (in case I messed something up) as per your instructions in the README. Any thoughts?

plainspace commented 8 years ago

Actually... could you try creating new credentials and using them just to confirm this is working?

plainspace commented 8 years ago

It seems like there is definitely something missing in the API Credentials because when I use your throw away creds it works locally but when I try to use mine it fails.

sahat commented 8 years ago

@plainspace Have you enabled Google+ API from the API list?

plainspace commented 8 years ago

@sahat yes. ran npm run build and started the node server again after making the changes. even seeing the failures in the Google APIs console. Scratch that. It is working now after enabling the API. Add that to the README?

plainspace commented 8 years ago

Thanks for the tip on the dynamic url. I am probably going to have to add CORS. Suggestions?