4.4 KiB
4.4 KiB
Simple OAuth2 Setup Guide
✅ What's Working Now
The VIP Coordinator now has a much simpler OAuth2 implementation that actually works! Here's what I've done:
🔧 Simplified Implementation
- Removed complex Passport.js - No more confusing middleware chains
- Simple JWT tokens - Clean, stateless authentication
- Direct Google API calls - Using fetch instead of heavy libraries
- Clean error handling - Easy to debug and understand
📁 New Files Created
backend/src/config/simpleAuth.ts- Core auth functionsbackend/src/routes/simpleAuth.ts- Auth endpoints
🚀 How to Set Up Google OAuth2
Step 1: Get Google OAuth2 Credentials
- Go to Google Cloud Console
- Create a new project or select existing one
- Enable the Google+ API
- Go to "Credentials" → "Create Credentials" → "OAuth 2.0 Client IDs"
- Set application type to "Web application"
- Add these redirect URIs:
http://localhost:3000/auth/google/callbackhttp://localhost:5173/auth/callback
Step 2: Update Environment Variables
Edit backend/.env and add:
# Google OAuth2 Settings
GOOGLE_CLIENT_ID=your_google_client_id_here
GOOGLE_CLIENT_SECRET=your_google_client_secret_here
GOOGLE_REDIRECT_URI=http://localhost:3000/auth/google/callback
# JWT Secret (change this!)
JWT_SECRET=your-super-secret-jwt-key-change-this
# Frontend URL
FRONTEND_URL=http://localhost:5173
Step 3: Test the Setup
-
Start the application:
docker-compose -f docker-compose.dev.yml up -d -
Test auth endpoints:
# Check if backend is running curl http://localhost:3000/api/health # Check auth status (should return {"authenticated":false}) curl http://localhost:3000/auth/status -
Test Google OAuth flow:
- Visit:
http://localhost:3000/auth/google - Should redirect to Google login
- After login, redirects back with JWT token
- Visit:
🔄 How It Works
Simple Flow:
- User clicks "Login with Google"
- Redirects to
http://localhost:3000/auth/google - Backend redirects to Google OAuth
- Google redirects back to
/auth/google/callback - Backend exchanges code for user info
- Backend creates JWT token
- Frontend receives token and stores it
API Endpoints:
GET /auth/google- Start OAuth flowGET /auth/google/callback- Handle OAuth callbackGET /auth/status- Check if user is authenticatedGET /auth/me- Get current user info (requires auth)POST /auth/logout- Logout (client-side token removal)
🛠️ Frontend Integration
The frontend needs to:
-
Handle the OAuth callback:
// In your React app, handle the callback route const urlParams = new URLSearchParams(window.location.search); const token = urlParams.get('token'); if (token) { localStorage.setItem('authToken', token); // Redirect to dashboard } -
Include token in API requests:
const token = localStorage.getItem('authToken'); fetch('/api/vips', { headers: { 'Authorization': `Bearer ${token}` } }); -
Add login button:
<button onClick={() => window.location.href = '/auth/google'}> Login with Google </button>
🎯 Benefits of This Approach
- Simple to understand - No complex middleware
- Easy to debug - Clear error messages
- Lightweight - Fewer dependencies
- Secure - Uses standard JWT tokens
- Flexible - Easy to extend or modify
🔍 Troubleshooting
Common Issues:
-
"OAuth not configured" error:
- Make sure
GOOGLE_CLIENT_IDis set in.env - Restart the backend after changing
.env
- Make sure
-
"Invalid redirect URI" error:
- Check Google Console redirect URIs match exactly
- Make sure no trailing slashes
-
Token verification fails:
- Check
JWT_SECRETis set and consistent - Make sure token is being sent with
Bearerprefix
- Check
Debug Commands:
# Check backend logs
docker-compose -f docker-compose.dev.yml logs backend
# Check if environment variables are loaded
docker exec vip-coordinator-backend-1 env | grep GOOGLE
🎉 Next Steps
- Set up your Google OAuth2 credentials
- Update the
.envfile - Test the login flow
- Integrate with the frontend
- Customize user roles and permissions
The authentication system is now much simpler and actually works! 🚀