github/meteor
1
1
Fork 0
mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
27342dcbe4513873dd0ee6fa458ebdbbbbea4eec
meteor/packages/google/google_server.js
Andrew Wilcox 2fd00e58ba Implements the "redirect" login flow, for cases such as using a mobile 
UIWebView which aren't able to use the preferred "popup" login flow.

See the specs for details:
  https://meteor.hackpad.com/OAuth-redirect-flow-spec-PeziTcaNPDP
  https://meteor.hackpad.com/OAuth-redirect-flow-part-II-vswwUKP4vXe

I extracted code to construct a URL from the `http` package into a new
`url` utility package.  The new package has no public API, it simply
has the original URL construction functions that were in `http` and
makes them available to oauth.

Fixes the Meetup account login, as Meetup now requires using
"https://api.meetup.com/2/members" instead of
"https://secure.meetup.com/2/members".

The `?close` parameter for the redirect URI is now not needed or used.
For backwards compatibility the `?close` parameter is included if the
login service configuration doesn't include the `loginStyle` field
(indicating it was created using old code).
2014-08-28 17:25:13 -07:00

84 lines
2.6 KiB
JavaScript
Raw Blame History

Google = {};
// https://developers.google.com/accounts/docs/OAuth2Login#userinfocall
Google.whitelistedFields = ['id', 'email', 'verified_email', 'name', 'given_name',
'family_name', 'picture', 'locale', 'timezone', 'gender'];
OAuth.registerService('google', 2, null, function(query) {
var response = getTokens(query);
var accessToken = response.accessToken;
var identity = getIdentity(accessToken);
var serviceData = {
accessToken: accessToken,
expiresAt: (+new Date) + (1000 * response.expiresIn)
};
var fields = _.pick(identity, Google.whitelistedFields);
_.extend(serviceData, fields);
// only set the token in serviceData if it's there. this ensures
// that we don't lose old ones (since we only get this on the first
// log in attempt)
if (response.refreshToken)
serviceData.refreshToken = response.refreshToken;
return {
serviceData: serviceData,
options: {profile: {name: identity.name}}
};
});
// returns an object containing:
// - accessToken
// - expiresIn: lifetime of token in seconds
// - refreshToken, if this is the first authorization request
var getTokens = function (query) {
var config = ServiceConfiguration.configurations.findOne({service: 'google'});
if (!config)
throw new ServiceConfiguration.ConfigError();
var response;
try {
response = HTTP.post(
"https://accounts.google.com/o/oauth2/token", {params: {
code: query.code,
client_id: config.clientId,
client_secret: OAuth.openSecret(config.secret),
redirect_uri: OAuth._redirectUri('google', config),
grant_type: 'authorization_code'
}});
} catch (err) {
throw _.extend(new Error("Failed to complete OAuth handshake with Google. " + err.message),
{response: err.response});
}
if (response.data.error) { // if the http response was a json object with an error attribute
throw new Error("Failed to complete OAuth handshake with Google. " + response.data.error);
} else {
return {
accessToken: response.data.access_token,
refreshToken: response.data.refresh_token,
expiresIn: response.data.expires_in
};
}
};
var getIdentity = function (accessToken) {
try {
return HTTP.get(
"https://www.googleapis.com/oauth2/v1/userinfo",
{params: {access_token: accessToken}}).data;
} catch (err) {
throw _.extend(new Error("Failed to fetch identity from Google. " + err.message),
{response: err.response});
}
};
Google.retrieveCredential = function(credentialToken, credentialSecret) {
return OAuth.retrieveCredential(credentialToken, credentialSecret);
};
Reference in New Issue View Git Blame Copy Permalink