A problem with using "Überauth Example" repository

Phoenix Forum Questions / Help
,
1

Hello.
I want to use Überauth for Google Oauth.
So I refered “Überauth Example” repository, and I tried to learn how to access google OAuth.
I thought request function in auth_controller calls Google login form, but OAuth process has been completed without it.
So I don’t know what calls Google login form, and I want to know that.
And the repository uses browser, but I try to use OAuth in an api server.How do I need to change the request?

2

Can you clarify what you want to achieve? The point of Oauth is to redirect the end user to Google’s own login server so it can verify credentials directly. How is that possible to do an API server? You cannot store and forward credentials, that will be a huge security hole.

3

I tried to create user data by the mail address in my database using Google Oauth.Isn’t Oauth usually used though database?And is it used by frontend?

4

Let’s go back to the basic flow of Oauth.

  • step 0: you apply for a client id and client secret at Google
  • step 1: you present your user a choice to login via Google. If your user select it, you redirect your user to Google’s login server, together with your client id
  • step 2: either your user is already login to google (has cookie) or your user login to google at this moment
  • step 3: Now google present your user a consent form, say XXX want to read your basic profile for login purpose, do you agree, if the user agree, Google will redirect back to your call back entry, with a short lived authorization code
  • step 4: Now you have a authorization code. you use this code, your client id and secret, to make a request to google from your backend, to acquire a secret token, which has longer life
  • step 5: with the secret token, you are basically a limited version of your user. Now you can read a redacted version of the user profile, which should contains the email address, an avatar, and some other stuff
  • step 6: now you can compare the info with whatever you have in your database, and decide whether or not to grand access to the user

Step 1, 2, 3 are http calls from the front end with your user’s input, step 4 and 5 are http calls from your backend.

If what you want to do is exactly this, then you can follow the Uberauth example in verbatim. If what you want to achieve is different, please describe in detail the differences, maybe there is a way to achieve what you want, or maybe not.