OAuth lets users log in with their Google or GitHub account, so your app never has to store, hash or reset passwords — though you still have to protect the provider's client secret and whatever session or token you issue once the user comes back. Day 2 implements OAuth 2.0 with Google using Passport.js.
OAuth 2.0 is a protocol for delegated authorization: the user grants your app limited access to their account at a provider, and your app receives an access token for that access. Using it as a login mechanism ("social login") additionally relies on the provider telling you who the user is — that identity layer is OpenID Connect, which Google's login endpoints implement and which the `profile` and `email` scopes below request. Here is the 5-step flow:
npm install passport passport-google-oauth20 express-session
const passport = require('passport');
const GoogleStrategy = require('passport-google-oauth20').Strategy;
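// Google OAuth 2.0 strategy: exchanges the authorization code for tokens,
// fetches the user's Google profile, then maps it to a local User record.
// Requires GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET in the environment.
passport.use(new GoogleStrategy({
  clientID: process.env.GOOGLE_CLIENT_ID,
  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
  // NOTE(review): a relative callbackURL is resolved against the incoming
  // request's Host header; an absolute URL from config keeps a spoofed Host
  // from influencing the redirect_uri sent to Google (Google rejects
  // unregistered URIs anyway, but the failure mode is then clearer).
  callbackURL: '/auth/google/callback',
  // Bind each authorization request to the user's session via the OAuth
  // `state` parameter so a callback cannot be forged or replayed from another
  // browser (login CSRF). Requires the session middleware (express-session,
  // listed in the install line) to be mounted before these routes.
  state: true
}, async (accessToken, refreshToken, profile, done) => {
  // Passport does not await this callback, so a throw here would surface as an
  // unhandled rejection and leave the request hanging; report it via done(err).
  try {
    // Look up by the stable Google subject id — never by e-mail — so that an
    // attacker who registers a Google account with a victim's address cannot
    // get linked to the victim's local account.
    let user = await User.findByGoogleId(profile.id);
    if (!user) {
      // profile.emails is absent when Google returns no e-mail claim; the
      // original indexed it unconditionally and crashed.
      const emails = profile.emails || [];
      const primary = emails.length > 0 ? emails[0] : undefined;
      if (!primary || !primary.value) {
        // A missing e-mail is a failed login (-> failureRedirect), not a 500.
        return done(null, false, { message: 'Google account has no e-mail address' });
      }
      // NOTE(review): passport-google-oauth20 exposes `primary.verified`
      // (Google's email_verified claim). If this app ever matches accounts by
      // e-mail elsewhere, require it to be true before storing the address.
      user = await User.create({
        googleId: profile.id,
        email: primary.value,
        name: profile.displayName
      });
    }
    return done(null, user);
  } catch (err) {
    return done(err);
  }
}));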
// Store only the user's primary key in the session; the full record is
// reloaded by deserializeUser on every request.
passport.serializeUser(function serializeUser(user, done) {
  const sessionKey = user.id;
  done(null, sessionKey);
});
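// Rehydrate req.user from the id stored in the session on each request.
// The original promise chain had no rejection handler, so a DB failure became
// an unhandled rejection and the request never completed; route it to done(err).
// If the user no longer exists, the null result is passed through unchanged —
// Passport treats a falsy user as a dead session rather than an error.
passport.deserializeUser((id, done) =>
  User.findById(id).then(
    user => done(null, user),
    err => done(err)
  )
);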
// Routes
// Start the Google login: `profile` and `email` are the scopes needed to
// identify the user. Google redirects the browser back to the callback route
// below with an authorization code.
const googleLoginOptions = { scope: ['profile', 'email'] };
app.get('/auth/google', passport.authenticate('google', googleLoginOptions));
// Google redirects back here with the authorization code; passport.authenticate
// exchanges it for tokens, runs the verify callback above and sets req.user.
// Denied consent or a verify callback that returns false sends the browser to
// /login instead of reaching this handler.
function issueTokenAndRedirect(req, res) {
  const claims = { userId: req.user.id };
  const signOptions = { expiresIn: '15m' };
  const token = jwt.sign(claims, process.env.JWT_SECRET, signOptions);
  // NOTE(review): the JWT travels in the query string, so it ends up in
  // browser history, proxy/server access logs and outbound Referer headers.
  // An httpOnly cookie (or at least the URL fragment) is the usual fix —
  // confirm how /app consumes the token before changing this contract.
  // NOTE(review): `jwt` (jsonwebtoken) is not required anywhere in this
  // listing; it must be imported alongside passport or this line throws.
  res.redirect(`/app?token=${token}`);
}
app.get('/auth/google/callback',
  passport.authenticate('google', { failureRedirect: '/login' }),
  issueTokenAndRedirect
);
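// Ends the server-side session. Passport >= 0.6 makes req.logout asynchronous
// and requires a callback — calling it without one throws — and its bundled
// session manager also regenerates the session in that path, so a pre-login
// session id cannot be reused. Note that a JWT issued by the callback route
// stays valid until it expires; logout here does not revoke it.
app.get('/logout', (req, res, next) => {
  req.logout((err) => {
    if (err) {
      return next(err);
    }
    res.redirect('/');
  });
});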