This plugin allows authentication via Google using mobile devices
Google Auth Mobile helps you to create google authentication for your Android and iOS users. It uses the official OAuth2Client from google-auth library for Node JS applications.
For Android and iOS applications there is no redirect uri parameter and only Client ID is configured for the app. Google Authentication happens on the device via One Tap for Android or Google Sign-In for iOS and then the client application should send accessToken to the server.
The server will verify the token via OAuth2Client verifyIdToken() method and then will use email, provided in the payload, to authenticate the user in the strapi application via services of Users & Permissions Plugin.
If the user is already in the database, an authenticated session for the user is established. If the user isn't yet in the database, a new user record from the information in the ID token payload is created, and a session for the user is established.
More info can be found here: https://developers.google.com/identity/one-tap/android/idtoken-auth
Add the following in config/plugins.js of you strapi application:
1module.exports = {
2 'google-auth-mobile': {
3 enabled: true
4 },
5};
Open the admin panel and you should see Google Auth Mobile in the right menu among other plugins.
Create a google project from the Google Cloud Console.
Go to Credentials, click create credentials -> OAuth Client ID. Application type may be Android or iOS. Do not forget to create OAuth Consent Screen (Nav Menu -> APIs & Services -> OAuth consent screen).
To enable authentication you should input the Client ID of your application in the Google Auth Mobile plugin page and save it, you should also provide platform key to help you identify for which platform your client id was created. Both Client ID and platform key are required and should be uniqie.
Google credentials can be set for multiple apps (currently no limitations, although we suggest to not have too many) that should have access to your backend. They can also be set directly in Content-Manager (Content-type "Google Creds").
We suggest using One Tap for Android https://developers.google.com/identity/one-tap/android/overview
and Google Sign-In for iOS https://developers.google.com/identity/sign-in/ios/start
The client retrieves a Google ID token when the user selects a Google Account. An ID token is a signed assertion of a user's identity that also contains a user's basic profile information, possibly including an email address that has been verified by Google.
After a user successfully signs in, send the user's ID token to your server using HTTPS. Then, on the server, we are verifying the integrity of the ID token and use the user information contained in the token to establish a session (issue a jwt) or create a new account.
1 {
2 method: 'POST',
3 path: 'YOUR_STRAPI_BACKEND_URL/api/google-auth-mobile/connect',
4 data: {
5 access_token: TOKEN
6 }
7 }
The example response:
1{
2 "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6I6pXVCJ9.eyJpZCI6MiwiaWF0Ijox8jk3MTA2OTc1LCJleHAiOjEqOTk2OTg5NzV9.tZ1aYLZpZmAbZGeA3buTVyPdWY5O8GGNp-c2bjlN4kM",
3 "user": {
4 "id": 1,
5 "username": "user",
6 "email": "user-example@gmail.com",
7 "provider": "google",
8 "confirmed": true,
9 "blocked": false,
10 "createdAt": "2020-10-12T10:35:17.547Z",
11 "updatedAt": "2020-10-12T10:35:17.547Z"
12 }
13}
If the token verification fails, the error will be thrown:
1{
2 "data": null,
3 "error": {
4 "status": 400,
5 "name": "ApplicationError",
6 "message": "Invalid google auth token",
7 "details": {}
8 }
9}
If no client IDs were set in the plugin menu, the error will be thrown:
1{
2 "data": null,
3 "error": {
4 "status": 400,
5 "name": "ApplicationError",
6 "message": "Client IDs were not set in plugin settings",
7 "details": {}
8 }
9}
Any bugs/issues you may face can be submitted as issues in the Github repo.
npm install strapi-plugin-google-auth-mobile
Check out the available plugin resources that will help you to develop your plugin or provider and get it listed on the marketplace.