Google OAuth2 issues

I'm trying to setup Google OAuth and well, just can't seem to get it to work - I get:

Error: invalid_request

Invalid parameter value for redirect_uri: Missing authority: Localhost:1880/auth/strategy/callback

My section looks like

  adminAuth: {
       type:"strategy",
        strategy: {
            name: "google",
            label: 'Sign in with Google',
            icon:"fa-Google",
            strategy: require("passport-google-oauth20").Strategy,
            options: {
                response_type: "code",
               
                project_id: "MyProjectID",
                auth_uri: "https://accounts.google.com/o/oauth2/auth",
                token_uri: "https://www.googleapis.com/oauth2/v3/token",
                auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs",
         
                redirect_uris: "http://localhost:1880/auth/strategy/callback",
                javascript_origins: "http://localhost:1880",
                
                client_secret: "TheClientSecret",
                callbackURL: "Localhost:1880/auth/strategy/callback",
                clientID: "ClientIDProvidedByGoogle.apps.googleusercontent.com",
                scope: "https://www.googleapis.com/auth/userinfo.email",
                
                
            },
            verify: function(token, tokenSecret, profile, done) {
                return client_secret, clientID, token, tokenSecret, tokenuri
                done(null, profile);
            }
        },
        users: [{
            username: "MyEmail@work",
            permissions: "*"
        }]
    },

and the google OAuth - is Public
ApplcationName = NodeRedTest
Scope for APIs = email, Profile, openid
Authorized Domains MyWorkDomain (could THIS be the issue?)

I can't claim to have tried this particular auth strategy, but at a glance your verify function doesn't look right to me - it has a bad return statement which shouldn't be there:

verify: function(token, tokenSecret, profile, done) {
   return client_secret, clientID, token, tokenSecret, tokenuri
   done(null, profile);
}

By the way, when you share code on the forum, please format it by adding three back-ticks (```) one a new line before and after your code block. That makes it much easier to read and prevents any special characters (eg <, >) from being treated as html.

The Verify is from the Twitter example. BTW, works there, and with Github, just can't get it with Google

Where does the twitter example have a return statement in the middle of the verify function?

You are right, I missed that my co-worker added it
Removed that return - but I still get the same error

I'm not sure where co-worker got the Google URLs, so I'm looking that up too

Is there an example oAuth2 with google around that I can look at, as I can't find one!

Have you tried googling “ Oauth2 Google nodejs”?

Yes, but I must not understand how to take the examples, and change them to what we need in the Settings.js file. See lots of examples that show code, and heck, I can do it in .NET, and have done so (Hey, I'm normally a .NET guy who has gotten sucked into 'Secure our Node-red site, oh, and use OAuth2 from Google"

I'm just at the "Am I doing something wrong in the Settings.js, or in the API config side on Google, or both"

OK - I must be REALLY doing something wrong - decided to go back to the basics - went into Postman, and decided to try and post to:

Localhost:1880/auth/strategy/callback

(with no token and with the token in the body as JSON)
and either way I'm getting

Cannot POST /auth/strategy/callback

Any clues?

Did you get this working? - love to see it!

I managed to get something that seems to be working.

adminAuth: {
    type:"strategy",
    strategy: {
        name: "google",
        label: 'Sign in with Google',
        icon:"fa-google",
        strategy: require("passport-google-oauth20").Strategy,
        options: {
            clientID: "myId",
            clientSecret: "mySecret",
            scope: "email",
            callbackURL: "http://my-node-url.com/auth/strategy/callback",
            verify: function(token, tokenSecret, profile, done) {
                profile.username = profile.emails.constructor === Array ? profile.emails[0].value : null;
                return done(null, profile);
            }
        },
    },
    users: [
       { username: "my_email@gmail.com",permissions: ["*"]},
       { username: "some_other_user@gmail.com",permissions: ["read"]}
   ]
},

Hi All!

Did anyone tried out the Google Auth and get it working?.

Thanks a lot!

yes I get it working
my instance is not exposed to internet
so I'm authorizing my google account at google playground

then manually copy and paste the client secret to my inject node
you need to do this manual process every 3 months
it's ok for me I dont want to expose my instance to public internet.

Here is a screenshot of my flow, first piece authorizing me and the second piece getting data from google analytics (my web pages live user data) and throws it in a template node.

google863×315 125 KB

And here is the rendered template node on my dashboard

would love to have a look at your flow.json if you are able to share. Thank you.

hi there here is the flow
I just clean the api key from first node you need your own client secret to use it

[{"id":"a3e4e204.7aa95","type":"inject","z":"818b9061.accc5","name":"","props":[{"p":"tokengoogle","v":"9876876rvbmnöm0uAQSNwF-L9IrZeiR1REsNfmuwwLXylNJs_2RP1-sJ1Ahfgp1dDxBO_Sgdfggfdsfghjkl_ouOPLuBmDzRY&645646554356client_id=78543525656532-6aeecrdib2gdfg78hbcp3un659tgertegdfs656s0gdf3.apps.googleusercontent.com","vt":"str"}],"repeat":"1800","crontab":"","once":true,"onceDelay":"5","topic":"","payloadType":"str","x":310,"y":180,"wires":[["b83b157.44082e8"]]},{"id":"340c6f1.d5a6a9","type":"http request","z":"818b9061.accc5","name":"","method":"POST","ret":"txt","paytoqs":"ignore","url":"https://oauth2.googleapis.com/token","tls":"","persist":false,"proxy":"","authType":"","x":330,"y":260,"wires":[["7f2a2a29.a8aea4"]]},{"id":"b83b157.44082e8","type":"function","z":"818b9061.accc5","name":"set payload and headers","func":"var tokenguncel = msg.tokengoogle;\n\nmsg.payload = tokenguncel;\nmsg.headers = {};\nmsg.headers['content-type'] = 'application/x-www-form-urlencoded';\n\nreturn msg;\n","outputs":1,"noerr":0,"initialize":"","finalize":"","x":290,"y":220,"wires":[["340c6f1.d5a6a9"]]},{"id":"603a42d2.9227dc","type":"change","z":"818b9061.accc5","name":"token","rules":[{"t":"set","p":"token","pt":"msg","to":"payload.access_token","tot":"msg"}],"action":"","property":"","from":"","to":"","reg":false,"x":350,"y":340,"wires":[["50a164a0.11667c"]]},{"id":"7f2a2a29.a8aea4","type":"json","z":"818b9061.accc5","name":"","property":"payload","action":"","pretty":false,"x":350,"y":300,"wires":[["603a42d2.9227dc"]]},{"id":"50a164a0.11667c","type":"change","z":"818b9061.accc5","name":"","rules":[{"t":"set","p":"payload","pt":"msg","to":"payload.access_token","tot":"msg"}],"action":"","property":"","from":"","to":"","reg":false,"x":320,"y":380,"wires":[["e0a7c39e.788e3"]]},{"id":"e0a7c39e.788e3","type":"change","z":"818b9061.accc5","name":"","rules":[{"t":"set","p":"token","pt":"flow","to":"payload","tot":"msg"}],"action":"","property":"","from":"","to":"","reg":false,"x":320,"y":420,"wires":[[]]},{"id":"dd9550db.49ca7","type":"http request","z":"818b9061.accc5","name":"","method":"GET","ret":"txt","paytoqs":"ignore","url":"https://analytics.googleapis.com/analytics/v3/data/realtime?ids=ga%3A189270063&metrics=rt%3AactiveUsers&dimensions=rt%3Asource&access_type=offline&prompt=consent&key=7jfj87SyBl9jgk67rYaJT-zPIjf3QKIU546hfghfg4l-Jq1787Ec656","tls":"","persist":false,"proxy":"","authType":"","x":650,"y":340,"wires":[["fed0d603.7851d8"]]},{"id":"22fe6840.76cd38","type":"inject","z":"818b9061.accc5","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"10","crontab":"","once":true,"onceDelay":"5","topic":"","payload":"","payloadType":"date","x":650,"y":220,"wires":[["5fc9c7e2.fec0d8"]]},{"id":"fed0d603.7851d8","type":"json","z":"818b9061.accc5","name":"","property":"payload","action":"obj","pretty":false,"x":670,"y":380,"wires":[["7752fb57.810384"]]},{"id":"7752fb57.810384","type":"change","z":"818b9061.accc5","name":"","rules":[{"t":"set","p":"online","pt":"msg","to":"payload.totalsForAllResults[\"rt:activeUsers\"]","tot":"msg"}],"action":"","property":"","from":"","to":"","reg":false,"x":640,"y":420,"wires":[["93080a2b.583878"]]},{"id":"d9b42ea0.92da2","type":"function","z":"818b9061.accc5","name":"set payload and headers","func":"var tokengelen = msg.payload;\nvar bear2 = 'Bearer, ' + tokengelen;\n\nmsg.payload = \"\";\n\nmsg.headers = {\n   'Authorization': \"Bearer \" + tokengelen,\n   'Content-Type': 'application/json'\n};\n\nreturn msg;","outputs":1,"noerr":0,"initialize":"","finalize":"","x":610,"y":300,"wires":[["dd9550db.49ca7"]]},{"id":"5fc9c7e2.fec0d8","type":"change","z":"818b9061.accc5","name":"","rules":[{"t":"set","p":"payload","pt":"msg","to":"token","tot":"flow"}],"action":"","property":"","from":"","to":"","reg":false,"x":640,"y":260,"wires":[["d9b42ea0.92da2"]]},{"id":"93080a2b.583878","type":"ui_template","z":"818b9061.accc5","group":"d8c86af7.92aeb8","name":"analytics","order":2,"width":4,"height":4,"format":"<style>\n@import url('https://fonts.googleapis.com/css2?family=Xanh+Mono&display=swap');\n.open22{\n    background-color:rgb(143, 49, 157);\n    background-repeat: no-repeat;\n    background-position: center;\n    width: 100%;\n    height:225px;\n    padding-top:0px;\n    \n    \n}\n\np.online{\n    font-family: 'Xanh Mono', monospace;\n    color: #FFFFFF;\n    padding-top:23px;\n    font-size: 50px;\n    text-align:center;\n}\n</style>\n\n\n<div class=\"open22\">\n<div><p class=\"online\">{{msg.online}}</p></div>\n</div>\n\n","storeOutMessages":false,"fwdInMessages":false,"resendOnRefresh":false,"templateScope":"local","x":840,"y":420,"wires":[[]]},{"id":"d8c86af7.92aeb8","type":"ui_group","name":"genel","tab":"c1dcfb03.ffed9","order":1,"disp":false,"width":20,"collapse":false},{"id":"c1dcfb03.ffed9","type":"ui_tab","name":"dash","icon":"dashboard","order":1}]
]```