Google Cloud OAuth - rishavry/WorksPresentation GitHub Wiki

  • When using Google Cloud OAuth to sign in with Google, a secure, passwordless account is created.

  • Below are the steps I would take to use it effectively.

    1. Go to the Google Cloud console, open the project for your web application if it is not already selected, and enter "clients" in the search bar. Click Clients, then click Create client.

    2. Enter the following details to create the client (not literally, of course): Application type -> Web application, Name -> ProjectName, Authorized JavaScript origins -> [https://website-where-user-will-sign-in-via-google.com]

    3. The newly generated client will have an id and a secret. Let's assume the id is 242564945653-d5s957uogk2cqcgb4skejc2rcb2rbtcr. To enable it, add these to the head-tag of the page's html-file:

    <meta name="google-signin-client_id" content="242564945653-d5s957uogk2cqcgb4skejc2rcb2rbtcr.apps.googleusercontent.com">
    
    <script src="https://apis.google.com/js/platform.js" async defer></script>

    4. Add the following Google sign-in button somewhere in the body of the HTML file:

    <div class="g-signin2" data-onsuccess="onSigningInWithGoogle"></div>

    5. Implement the following function in the website's script. It is called after the user clicks the button above and signs in to their Google account; its name must match the button's data-onsuccess attribute:

    async function onSigningInWithGoogle(googleUser) {
        const googleIdToken = googleUser.getAuthResponse().id_token;
        const email = googleUser.getBasicProfile().getEmail();

        // Via an API request that uses HTTPS, send the googleIdToken and email to the backend for verification
    }

    6. Add the following service method in the backend to verify the Google ID token:

    import time

    from google.auth import exceptions
    from google.auth.transport import requests
    from google.oauth2 import id_token

    # Full OAuth client ID, as used in the meta tag of step 3
    CLIENT_ID = '242564945653-d5s957uogk2cqcgb4skejc2rcb2rbtcr.apps.googleusercontent.com'


    def verify_google_id_token(email_address, google_id_token):
        try:
            # Checks the signature, expiry, issuer and that aud equals CLIENT_ID
            idinfo = id_token.verify_oauth2_token(
                google_id_token, requests.Request(), CLIENT_ID
            )
        except (ValueError, exceptions.GoogleAuthError):
            return False

        # The aud claim holds the client ID, not the site's origin
        return (
            idinfo.get('aud') == CLIENT_ID and
            email_address == idinfo.get('email') and
            int(time.time()) < idinfo.get('exp', 0)
        )

    7. In the users database, the hashed password of the user who logs in via Google will be set to NULL.
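
As an added example (not code from this wiki), the claim checks behind step 6 can be exercised offline on constructed claim dictionaries of the shape `verify_oauth2_token` returns once the signature is verified. `check_google_claims`, `GOOGLE_ISSUERS` and all sample values are assumptions made for this sketch.

```python
import time

# Assumed values for this sketch: the example client ID from step 3 and
# the two issuer strings Google documents for its ID tokens.
CLIENT_ID = "242564945653-d5s957uogk2cqcgb4skejc2rcb2rbtcr.apps.googleusercontent.com"
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}


def check_google_claims(claims, submitted_email, now=None):
    """Return (ok, reason) for claims whose signature is already verified."""
    now = int(time.time()) if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return False, "wrong issuer"
    # aud is the OAuth client ID the token was minted for, never the site origin.
    if claims.get("aud") != CLIENT_ID:
        return False, "wrong audience"
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return False, "expired"
    # Google only vouches for the address when email_verified is true.
    if claims.get("email_verified") is not True:
        return False, "email not verified"
    email = claims.get("email")
    if not isinstance(email, str) or email.lower() != submitted_email.strip().lower():
        return False, "email mismatch"
    return True, "ok"


# Constructed sample claims (not real tokens); NOW is a fixed clock for the demo.
NOW = 1_700_000_000
GOOD = {"iss": "https://accounts.google.com", "aud": CLIENT_ID, "exp": NOW + 3600,
        "email": "alice@example.com", "email_verified": True, "sub": "1000000000001"}
CASES = {
    "valid": GOOD,
    "token minted for another client": {**GOOD, "aud": "999-other.apps.googleusercontent.com"},
    "origin used as audience": {**GOOD, "aud": "https://website-where-user-will-sign-in-via-google.com"},
    "expired": {**GOOD, "exp": NOW - 1},
    "unverified email": {**GOOD, "email_verified": False},
    "non-Google issuer": {**GOOD, "iss": "https://login.example.net"},
}

if __name__ == "__main__":
    for name, claims in CASES.items():
        print(f"{name:32} -> {check_google_claims(claims, 'alice@example.com', NOW)}")
```

The "origin used as audience" case is rejected because the `aud` claim carries the client ID, so a check against the site's URL can never pass for a genuine token.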