From e7c21aa35c97733bf0bd82c30623d77632e32a34 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 18 Aug 2020 05:43:44 +0000 Subject: [PATCH] update google docs --- README.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/README.md b/README.md index faf7ac2..2180040 100644 --- a/README.md +++ b/README.md @@ -35,3 +35,47 @@ Create Google Credentials 3. Select `Web Application` 4. Fill out the same test domain and test app name as before 5. Save the ID and Secret to a place you won't forget (perhaps a .gitignored .env) + +Update your signin page. + +1. You need to put your default scopes (i.e. `profile email`) and client ID in the meta tag of your login page HTML. `profile` is the minimum scope and is always returned. + ```html + + + + + ``` +2. Although it should be possible to use an thin OAuth client, you'll probably want to start by including the (huge) Google platform.js + ```html + + ``` +3. You can start off with the Google's sign in button, but you need your own `data-onsuccess` callback. You can also adjust the `data-scope` per button to include more stuff. + ```html +
+ + ``` +4. Despite the documentation stating that passing a token as a query is deprecated and to use the `Authorization` header, the inspect token URL only supports the query parameter: `GET https://oauth2.googleapis.com/tokeninfo?id_token=` + - You can also validate the token with Google's public key + - https://accounts.google.com/.well-known/openid-configuration + - https://www.googleapis.com/oauth2/v3/certs (note that one of the Key IDs will match that of your kid) +5. While testing you'll probably want to revoke the app's permissions + - Go to https://myaccount.google.com/permissions + - Under "Third-party apps with account access" click "Manage third-party access" and search in the long list and click "Remove access". + - Under "Signing in to other sites" click "Signing in with Google" and search in the list to revoke access + - Active tokens will persist until they expire (1 hour), so you may need to clear cache, cookies, etc, which can be a pain +5. Sign out can be accomplished with a button that calls `gapi.auth2.getAuthInstance().signOut().then(function() { });` +