Google-api-nodejs-client: pass state parameters with the oauth redirect URI

Created on 14 Dec 2016  路  9Comments  路  Source: googleapis/google-api-nodejs-client

How does one achieve what is described here: http://stackoverflow.com/questions/7722062/google-oauth2-redirect-uri-with-several-parameters# using this package?

picture uriva

Most helpful comment

Because I came here thanks to google search.
Here what I did, at the end:

const oAuth2 = new google.auth.OAuth2(
  process.env.GOOGLE_AUTH_CLIENT_ID,
  process.env.GOOGLE_AUTH_CLIENT_SECRET,
  process.env.GOOGLE_AUTH_REDIRECT,
)

const url = oAuth2.generateAuthUrl({
  access_type: 'offline',
  scope: [
    // all your scopes
  ],
  prompt: 'consent', // ask for a refresh token everytime you need, you can comment it if you don't need it
  state: JSON.stringify({ your: 'informations' }), // needs to be a string

})
picture fabienjuif on 22 Feb 2019
👍6

All 9 comments

Add a state property to the options passed to OAuth2Client#generateAuthUrl. For example, here you could add state: { 'foo': 'bar' } and I believe the stringified state object will be passed through to the final destination.

jmdobry picture jmdobry on 29 Dec 2016
👍6

doc doc doc

uriva picture uriva on 30 Dec 2016
👍6 👎1

+1 - Please add this to the docs, was searching for hours on a way to pass some form of parameter from my App to the redirect URI and then receive it back again to map the request to the original user.

carrotcomputer picture carrotcomputer on 28 Jan 2017
👍4

Because I came here thanks to google search.
Here what I did, at the end:

const oAuth2 = new google.auth.OAuth2(
  process.env.GOOGLE_AUTH_CLIENT_ID,
  process.env.GOOGLE_AUTH_CLIENT_SECRET,
  process.env.GOOGLE_AUTH_REDIRECT,
)

const url = oAuth2.generateAuthUrl({
  access_type: 'offline',
  scope: [
    // all your scopes
  ],
  prompt: 'consent', // ask for a refresh token everytime you need, you can comment it if you don't need it
  state: JSON.stringify({ your: 'informations' }), // needs to be a string

})
fabienjuif picture fabienjuif on 22 Feb 2019
👍6

Please add this to the docs. Thank you

HelloJunWei picture HelloJunWei on 13 Jun 2019
👍3

doc!!!

NielsDom picture NielsDom on 7 Aug 2019

We really need doc. for this.

pittersnider picture pittersnider on 25 Aug 2019

Here you go!
https://googleapis.dev/nodejs/google-auth-library/latest/interfaces/GenerateAuthUrlOpts.html#state

TL;DR: you can pass a state property in the options to generateAuthUrl that contains a string which is passed back to your redirect URI after generating a new code :)

JustinBeckwith picture JustinBeckwith on 26 Aug 2019
🎉2

Please don't do this:

state: JSON.stringify({ your: 'informations' }), // needs to be a string

The state param needs to be a random string and not predictable or you will be vulnerable to several OAuth2 attack vectors.

aeneasr picture aeneasr on 2 Oct 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lowagner picture lowagner  路  3Comments
peterpme picture peterpme  路  3Comments
eduDorus picture eduDorus  路  3Comments
suparnavg picture suparnavg  路  3Comments
raapperez picture raapperez  路  3Comments