--- id: google_auth title: Google Auth Hook --- This part of the tutorial shows how to create a sign-in flow for users and integrate with Unleash server project. The implementation assumes that I am working in `localhost` with `4242` port. This is a simple `index.js` server file. ```javascript const unleash = require('unleash-server'); if (process.env.DATABASE_URL_FILE) { options.databaseUrl = fs.readFileSync(process.env.DATABASE_URL_FILE); } unleash.start(options).then(unleash => { console.log(`Unleash started on http://localhost:${unleash.app.get('port')}`); });; ``` ### Creating a web application client ID 1. Go to the credentials section in the [Google Cloud Platform Console](https://console.cloud.google.com/apis/credentials?_ga=2.77615956.-1991581217.1542834301). 2. Click **OAuth consent screen**. Type a product name. Fill in any relevant optional fields. Click **Save**. 3. Click **Create credentials > OAuth client ID**. 4. Under **Application type**, select **Web Application**. 5. Type the **Name**. 6. Under **Authorized redirect URIs** enter the following URLs, one at a time. ``` http://localhost:4242/api/auth/callback ``` 7. Click **Create**. 8. Copy the **CLIENT ID** and **CLIENT SECRET** and save them for later use. ### Add dependencies Add two dependencies [`passport`](https://www.npmjs.com/package/passport) and [`passport-google-oauth20`](https://www.npmjs.com/package/passport-google-oauth20) inside `index.js` file ```js const unleash = require('unleash-server'); const passport = require('passport'); const GoogleStrategy = require('passport-google-oauth20').Strategy; ``` ### Configure the Google strategy for use by Passport.js OAuth 2-based strategies require a `verify` function which receives the credential (`accessToken`) for accessing the Google API on the user's behalf, along with the user's profile. The function must invoke `cb` with a user object, which will be set at `req.user` in route handlers after authentication. ```js const GOOGLE_CLIENT_ID = '...'; const GOOGLE_CLIENT_SECRET = '...'; const GOOGLE_CALLBACK_URL = 'http://localhost:4242/api/auth/callback'; passport.use(new GoogleStrategy( { clientID: GOOGLE_CLIENT_ID, clientSecret: GOOGLE_CLIENT_SECRET, callbackURL: GOOGLE_CALLBACK_URL }, function(accessToken, refreshToken, profile, cb) { // Extract the minimal profile information we need from the profile object // and connect with Unleash to get name and email. cb(null, new unleash.User({ name: profile.displayName, email: profile.emails[0].value, })); } )); ``` Add `googleAdminAuth()` function and other options ```js function googleAdminAuth(app) {} let options = { enableLegacyRoutes: false, adminAuthentication: 'custom', preRouterHook: googleAdminAuth }; unleash.start(options).then(unleash => { console.log(`Unleash started on http://localhost:${unleash.app.get('port')}`); });; ``` ### In `googleAdminAuth` function Configure `passport` package. ```js function googleAdminAuth(app) { app.use(passport.initialize()); app.use(passport.session()); passport.serializeUser((user, done) => done(null, user)); passport.deserializeUser((user, done) => done(null, user)); // ... } ``` Implement a preRouter hook for `/api/admin/login`. It's neccesary for login with Google. ```js function googleAdminAuth(app) { // ... app.get('/api/admin/login', passport.authenticate('google', { scope: ['profile', 'email'] })); // ... } ``` Implement a preRouter hook for `/api/auth/callback`. It's a callback when the login is executed. ```js function googleAdminAuth(app) { // ... app.get('/api/auth/callback', passport.authenticate('google', { failureRedirect: '/api/admin/error-login', }), (req, res) => { // Successful authentication, redirect to your app. res.redirect('/'); } ); // ... } ``` Implement a preRouter hook for `/api/admin`. ```js function googleAdminAuth(app) { // ... app.use('/api/admin/', (req, res, next) => { if (req.user) { next(); } else { // Instruct unleash-frontend to pop-up auth dialog return res .status('401') .json( new unleash.AuthenticationRequired({ path: '/api/admin/login', type: 'custom', message: `You have to identify yourself in order to use Unleash. Click the button and follow the instructions.`, }) ).end(); } }); // ... } ``` ### The complete code The `index.js` server file. ```js 'use strict'; const unleash = require('unleash-server'); const passport = require('passport'); const GoogleStrategy = require('passport-google-oauth20').Strategy; const GOOGLE_CLIENT_ID = '...'; const GOOGLE_CLIENT_SECRET = '...'; const GOOGLE_CALLBACK_URL = 'http://localhost:4242/api/auth/callback'; passport.use(new GoogleStrategy( { clientID: GOOGLE_CLIENT_ID, clientSecret: GOOGLE_CLIENT_SECRET, callbackURL: GOOGLE_CALLBACK_URL }, function(accessToken, refreshToken, profile, cb) { cb(null, new unleash.User({ name: profile.displayName, email: profile.emails[0].value, })); } )); function googleAdminAuth(app) { app.use(passport.initialize()); app.use(passport.session()); passport.serializeUser((user, done) => done(null, user)); passport.deserializeUser((user, done) => done(null, user)); app.get('/api/admin/login', passport.authenticate('google', { scope: ['profile', 'email'] })); app.get('/api/auth/callback', passport.authenticate('google', { failureRedirect: '/api/admin/error-login', }), (req, res) => { res.redirect('/'); } ); app.use('/api/admin/', (req, res, next) => { if (req.user) { next(); } else { return res .status('401') .json( new unleash.AuthenticationRequired({ path: '/api/admin/login', type: 'custom', message: `You have to identify yourself in order to use Unleash. Click the button and follow the instructions.`, }) ).end(); } }); } let options = { enableLegacyRoutes: false, adminAuthentication: 'custom', preRouterHook: googleAdminAuth }; if (process.env.DATABASE_URL_FILE) { options.databaseUrl = fs.readFileSync(process.env.DATABASE_URL_FILE); } unleash.start(options).then(unleash => { console.log(`Unleash started on http://localhost:${unleash.app.get('port')}`); });; ```