4

I'm trying to implement the Google OAuth Passport.js strategy but due to the lack of documentation and examples, I can't seem to able to answer certain questions.

My application is using bearers rather than cookies for security and technological reasons.

The single example available on the passport-google-oauth GitHub page doesn't explain certain things like:

  • how a bearer strategy implementation could replace cookies in this scenario ?
  • how do I obtain the expiration time of the Google token ?
  • what should I do with accessToken and refreshToken ?

I really don't want to use cookies because that would create a second authorization system that is a duplicate of the bearer strategy already in place.

This question could be applied to other passport OAuth strategies like Twitter and Facebook.

Martijn Pieters
  • 1,048,767
  • 296
  • 4,058
  • 3,343
m_vdbeek
  • 3,704
  • 7
  • 46
  • 77

1 Answers1

4

I managed to find all the answers needed in this excellent blog post:

http://jeroenpelgrims.com/token-based-sessionless-auth-using-express-and-passport/

and the corresponding source code:

https://bitbucket.org/resurge/sessionless-token-auth-with-express/src/6e94c2ea59591e75b074ff6acc89442065d33007/app.js?at=master

Thanks to Jeroen Pelgrims!

Community
  • 1
  • 1
m_vdbeek
  • 3,704
  • 7
  • 46
  • 77