update google docs

AJ ONeal 2020-08-18 05:43:44 +00:00
parent 5ff37be8c5
commit e7c21aa35c
1 changed files with 44 additions and 0 deletions


@ -35,3 +35,47 @@ Create Google Credentials
3. Select `Web Application` 3. Select `Web Application`
4. Fill out the same test domain and test app name as before 4. Fill out the same test domain and test app name as before
5. Save the ID and Secret to a place you won't forget (perhaps a .gitignored .env) 5. Save the ID and Secret to a place you won't forget (perhaps a .gitignored .env)
Update your signin page.
1. You need to put your default scopes (i.e. `profile email`) and client ID in the meta tag of your login page HTML. `profile` is the minimum scope and is always returned.
```html
<head>
<meta name="google-signin-scope" content="email">
<meta
name="google-signin-client_id"
content="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"
/>
</head>
```
2. Although it should be possible to use an thin OAuth client, you'll probably want to start by including the (huge) Google platform.js
```html
<script src="https://apis.google.com/js/platform.js" async defer></script>
```
3. You can start off with the Google's sign in button, but you need your own `data-onsuccess` callback. You can also adjust the `data-scope` per button to include more stuff.
```html
<div
class="g-signin2"
data-onsuccess="ongsignin"
data-scope="profile email https://www.googleapis.com/auth/spreadsheets.readonly https://www.googleapis.com/auth/drive.readonly"
></div>
<script>
window.ongsignin = function (gauth) {
// Note: this is a special prototype-style instance object with few
// enumerable properties (which don't make sense). Requires API docs.
// See https://developers.google.com/identity/sign-in/web
console.log(goauth)
};
</script>
```
4. Despite the documentation stating that passing a token as a query is deprecated and to use the `Authorization` header, the inspect token URL only supports the query parameter: `GET https://oauth2.googleapis.com/tokeninfo?id_token=<token>`
- You can also validate the token with Google's public key
- https://accounts.google.com/.well-known/openid-configuration
- https://www.googleapis.com/oauth2/v3/certs (note that one of the Key IDs will match that of your kid)
5. While testing you'll probably want to revoke the app's permissions
- Go to https://myaccount.google.com/permissions
- Under "Third-party apps with account access" click "Manage third-party access" and search in the long list and click "Remove access".
- Under "Signing in to other sites" click "Signing in with Google" and search in the list to revoke access
- Active tokens will persist until they expire (1 hour), so you may need to clear cache, cookies, etc, which can be a pain
5. Sign out can be accomplished with a button that calls `gapi.auth2.getAuthInstance().signOut().then(function() { });`
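Review bot: the `ongsignin` callback in step 3 logs `goauth`, but the parameter is named `gauth`, so anyone pasting this snippet gets a ReferenceError instead of the auth object; change the call to `console.log(gauth)`. In step 1 the prose gives the default scopes as `profile email` while the meta tag sets `content="email"`; since the text says `profile` is always returned this works, but making the two agree would avoid confusion. The list ends with two items numbered `5.`, so the sign-out step should be `6.`, and step 2 has "an thin" for "a thin". For step 4, since the tokeninfo URL is offered as the way to inspect the token, it would be worth a sentence telling readers to compare the `aud` value in the response with the client ID from step 1 before trusting the token, and to note that putting the token in the query string means it can end up in request logs.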