Skip to content

manifest/pal-google

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Pragmatic Authentication Library: Google workflows

Collection of Google workflows for PAL.

1. Google Login (OAuth2 Authorization Code Grant) workflow

For details, read the Google documentation.

Options

You can configure the workflow by passing options below into pal:new/2 or pal:group/2 functions:

  • client_id (required) - The client ID obtained from the Developers Console.
  • client_secret (required) - The client secret obtained from the Developers Console.
  • redirect_uri (required) - The client redirection endpoint. After completing its interaction with the resource owner, the authorization server directs the resource owner's user-agent to this uri.
  • scope (optional) - The scope of the access request.
  • request_options (optional) - Options for the hackney HTTP client.
  • includes (optional) - Parts of authentication schema to be processed by the workflow. All by default, [uid, credentials, info, extra, rules].

Input Data

  • code - The authorization code.
  • state - The state was previously passed to the authentication provider.
  • error If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid.

Authentication Schema

An successful execution of pal:authenticate/{2,3} function returns the authentication schema below.

#{access_token => <<"...">>, 
  token_type => <<"Bearer">>,
  expires_in => 3599,
  id_token => <<"...">>}

See a complete example with PAL and Cowboy HTTP server here.

2. Google OpenID User (an ID token validation) workflow

Options

You can configure the workflow by passing options below into pal:new/2 or pal:group/2 functions:

  • request_options (optional) - Options for the hackney HTTP client.
  • includes (optional) - Parts of authentication schema to be processed by the workflow. All by default, [uid, credentials, info, extra, rules].

Input Data

  • id_token (required) - An id token obtained using the pal_google_oauth2_authcode workflow.

Authentication Schema

An successful execution of pal:authenticate/{2,3} function returns the authentication schema below.

#{uid => <<"...">>,
  info =>
    #{email => <<"john@example.com">>}}

See a complete example with PAL and Cowboy HTTP server here.

3. Google+ User (user's profile data) workflow

Options

You can configure the workflow by passing options below into pal:new/2 or pal:group/2 functions:

  • request_options (optional) - Options for the hackney HTTP client.
  • includes (optional) - Parts of authentication schema to be processed by the workflow. All by default, [uid, credentials, info, extra, rules].

Input Data

  • access_token (required) - An access token obtained using the pal_google_oauth2_authcode workflow.

Authentication Schema

An successful execution of pal:authenticate/{2,3} function returns the authentication schema below.

#{uid => <<"...">>,
  info =>
    #{name => <<"John Doe">>,
      first_name => <<"John">>,
      last_name => <<"Doe">>,
      gender => <<"male">>,
      email => <<"john@example.com">>,
      image => <<"https://lh3.googleusercontent.com/...">>,
      uri => <<"https://plus.google.com/...">>}}

See a complete example with PAL and Cowboy HTTP server here.

License

The source code is provided under the terms of the MIT license.