Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Login with offline=true and responseType=code doesn't have access to the current user name\email
See original GitHub issueTrying to run this code, results in succes and retrieve of the authorization token though, i can’t access the user.
`
successResponse = response => {
console.log('success:', response)
console.log('hello Loola User: ', response.profileObj.name)
}
<GoogleLogin clientId={config.googleOAuthClientID} scope= ‘profile email https://www.googleapis.com/auth/youtube’ buttonText=“Login” prompt=“consent select_account” onSuccess={this.successResponse} onFailure={this.errorResponse} onRequest={this.loadingResponse} approvalPrompt=“force” offline={true} uxMode=“redirect” //redirectUri= // responseType=“id_token permission code” responseType=“code” isSignedIn={true} /> `
This is the error I am getting as response.profileObj.name is not defined yet.
What is the right way to get the current user, after a successful login? (btw, it will work after a refresh to the page, though, it doesn’t sounds like the right solution.)
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:7
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
There are two different relevant Oauth2 flows here: Implicit Flow and Server-Side Flow. Google covers both in this guide (although they don’t clearly map them as two different paths).
When you’re requesting authorization for implicit flow/client-side/SPA/native app, etc, google doesn’t give you the refresh token. That’s for good reason: They never expire. If your device or browser are compromised with a refresh_token, you just handed your account account away. If the same happens with an an access_token it is probably fine because they only live for 60 minutes.
If you plan on using the refresh token, you’ll get back the code as you see above. That has to be sent to your backend server where your server then goes through the steps in the above page in the guide to get it unencrypted. At that point you’ll have an access_token, refresh_token, id_token, possibly a domain (hd) for G-suite accounts, and some possibly more, depending on the scopes you requested.
Note:
approvalPrompt="force"is key here as well. If you don’t add that, you’ll only get a refresh_token from the very first request from that user for authorization.forceensures a refresh token comes back with every request.Also use the google oauth developer playground to validate this and see exactly how they’re doing it
For those who expiriencing such problem - there is hack to access gapi library directly and access user info from it
window.gapi.auth2.getAuthInstance().currentUser.get().getBasicProfile()