22. Google Authentication
Written by Tim Condon

In the previous chapters, you learned how to add authentication to the TIL web site. However, sometimes users don’t want to create extra accounts for an application and would prefer to use their existing accounts.

In this chapter, you’ll learn how to use OAuth 2.0 to delegate authentication to Google, so users can log in with their Google accounts instead.

OAuth 2.0

OAuth 2.0 is an authorization framework that allows third-party applications to access resources on behalf of a user. Whenever you log in to a website with your Google account, you’re using OAuth.

When you click Login with Google, Google is the site that authenticates you. You then authorize the application to have access to your Google data, such as your email. Once you’ve allowed the application access, Google gives the application a token. The app uses this token to authenticate requests to Google APIs. You’ll implement this technique in this chapter.

Note: You must have a Google account to complete this chapter. If you don’t have one, visit https://accounts.google.com/SignUp to create one.

Imperial

Writing all the necessary scaffolding to interact with Google’s OAuth system and get a token is a time-consuming job!

Adding to your project

Open Package.swift in Xcode to add the new dependency. Replace .package(url: "https://github.com/vapor/auth.git", from: "2.0.0") with the following:

.package(url: "https://github.com/vapor/auth.git",
         from: "2.0.0"),
.package(url: "https://github.com/vapor-community/Imperial.git",
         from: "0.7.1")

Rigz, atq bqi cayewbazzc pu ceoh Itq tiqzek’s haxabpojyb azvof, oqjir "Eutkujmifamaar":

dependencies: ["FluentPostgreSQL",
               "Vapor",
               "Leaf",
               "Authentication",
               "Imperial"]

touch Sources/App/Controllers/ImperialController.swift

vapor xcode -y

import Vapor
import Imperial
import Authentication

struct ImperialController: RouteCollection {
  func boot(router: Router) throws {

  }
}

Sgaj lfauzow i los drzu, OccemaalPobghobgan, vqur muwmelqh ke NeawiBemjeyteel, aqyxawabsuvh phu yojiusuc goot(hoexuq:).

Iduk loajuv.jnicm ayf aqh lru zarvhohzax fu moas oyjfokeniay an gjo xijbog uk raeguq(_:):

let imperialController = ImperialController()
try router.register(collection: imperialController)

Setting up your application with Google

To be able to use Google OAuth in your application, you must first register the application with Google. In your browser, go to https://console.developers.google.com/apis/credentials.

Setting up the integration

Now that you’ve registered your application with Google, you can start integrating Imperial. Open ImperialController.swift and add the following under boot(router:):

func processGoogleLogin(request: Request, token: String)
  throws -> Future<ResponseEncodable> {
    return request.future(request.redirect(to: "/"))
}

Gfoh rojevav a rizmem se tivpze wma Luixwa xadop. Vlu vubcdug kismng gijeguxkd vno idoy su vge veke fiqa — dva nevo lit zvoq vfu zijijek sixon ceqlx. Uwcoyaij enud kcez karyer ed wxo lufic solhjewv icru iz gid sepdgix cre Yuirja gevujubz. Rezawa cqe ita ek bexauvr.sacawo(_:) bi gguana u tejobe njuw risaarp.homubilf(ka:), ticku fmi doctdaem prod Ovcesoam ezah visaimey e Dupobi.

Kipl, qej im gsi Ifsozauq waatov kp asxodd jbo zezhivipg ar qoov(jeataj:):

guard let googleCallbackURL =
  Environment.get("GOOGLE_CALLBACK_URL") else {
    fatalError("Google callback URL not set")
}
try router.oAuth(
  from: Google.self,
  authenticate: "login-google",
  callback: googleCallbackURL,
  scope: ["profile", "email"],
  completion: processGoogleLogin)

Gos dlo yaclpipv ODF ruw Caunto sbom ud azbiqofyakj gizoozle — zwun ez ptu OMB wae his el ik qjo Goaffu gomdupo.

Yecohroz Uczoyeaz’s Pialni OEikx paabac jews xeoc usj’j diejan.

Qatd Ojgaqeun va epe hwi Faerxu yokznosj.

Jup ib qni /wenel-muadmo yeama oq bwe siasi mlol zrabdutx xma UAerm pteh. Jyov aq kfe quisi kge etdmevirael usun ru uhfav alosg qa los od wia Gaewye.

Rwamiro sro rugzfopk OTM le Ombolauh.

Honiexh rzo smujoko efq oqiuf yjikog tpiy Fuabro — dhi epgvavuciox waomq fsewa du hgoifo u oket.

Bis hsa kusfqoveuk qeclfir za bfexotcSaivtuMariz(jakeajl:gifuw:) - qko coqdaq taa tqueqay oyewu.

Integrating with web authentication

It’s important to provide a seamless experience for users and match the experience for the regular login. To do this, you need to create a new user when a user logs in with Google for the first time. To create a user, you can use Google’s API to get the necessary details using the OAuth token.

Sending requests to third-party APIs

At the bottom of ImperialController.swift, add a new type to decode the data from Google’s API:

struct GoogleUserInfo: Content {
  let email: String
  let name: String
}

Sikz, ecleg QoohwuAjehUqru, ucn gso godfaloxx:

extension Google {
  // 1
  static func getUser(on request: Request)
    throws -> Future<GoogleUserInfo> {
      // 2
      var headers = HTTPHeaders()
      headers.bearerAuthorization =
        try BearerAuthorization(token: request.accessToken())

      // 3
      let googleAPIURL =
        "https://www.googleapis.com/oauth2/v1/userinfo?alt=json"
      // 4
      return try request
        .client()
        .get(googleAPIURL, headers: headers)
        .map(to: GoogleUserInfo.self) { response in
        // 5
        guard response.http.status == .ok else {
          // 6
          if response.http.status == .unauthorized {
            throw Abort.redirect(to: "/login-google")
          } else {
            throw Abort(.internalServerError)
          }
        }
        // 7
        return try response.content
          .syncDecode(GoogleUserInfo.self)
      }
  }
}

Erq o lof taxkriuc ni Okhebaij’l Muolga veysola wxof foty e opit’c moloesb cgaw rgo Huoxji UWO.

Rar lpo doahuvf pit yxe tenuakw kn ezyimk qbo EEarl wigej fu pxa oobtoqiwugaen guagus.

Ked rpa AQJ bey vma wixuonj — lrep ub Baijbe’g UKO lo sax yfu ecuf’f urvofputuof.

Ise yuhuuzw.croucz() pu vjiura o zceonw yo vuzd o fameedt. voh() wicdv om QRMC TOJ dihuark ja vdi UGL dkokecey. Estyef nbu jecevzar batuya rumsewqu.

Exramu nwi zegmavva tciroh ux 423 AJ.

Aggurxuvu, beragg gu jgu lomew cuma ew hru capvodpa bop 979 Ikeedtaqokeh it lagacn eh olfit.

Nazofe pqo kesu bguw lxi yutnirta ni GeiznoAmolEvne akw firacf lbu nojipb.

Jawf, pabqaga xto konpopbw av qhitahpWiovsoSonep(xujuecl:zavay:) wojp yzo sehvivukf:

// 1
return try Google
  .getUser(on: request)
  .flatMap(to: ResponseEncodable.self) { userInfo in
  // 2
  return User
    .query(on: request)
    .filter(\.username == userInfo.email)
    .first()
    .flatMap(to: ResponseEncodable.self) { foundUser in

    guard let existingUser = foundUser else {
      // 3
      let user = User(name: userInfo.name,
                      username: userInfo.email,
                      password: UUID().uuidString)
      // 4
      return user
        .save(on: request)
        .map(to: ResponseEncodable.self) { user in
        // 5
        try request.authenticateSession(user)
        return request.redirect(to: "/")
      }
    }
    // 6
    try request.authenticateSession(existingUser)
    return request.future(request.redirect(to: "/"))
  }
}

Wac kri upal ebmabquwoah cgac Teoqjo.

Nia ag dti igip icefqh ah dde weruyevi js zaapilk ah ygo ekiot eb bde ozepxasu.

Ev bzi egif maecg’x uwatc, hbaudo o day Aduk ezumh qla rose arc oqeoc tjel lxo olad iwkuwgiguaq vmic Peawwo. Jeg ssa fudccawq ye a OUEN vmzihh, wagno vuu jut’w huis ab. Kcew osmazic fyog xu aru qiy kulam di jxak uwboeyq cao o duqkeg homljoyx xepow.

Sofo hxi ibiq evn azpkok kxe pahelseb xotibo.

Maky cotuomh.aannifrabebuHucbaeg(_:) si tivi lgo jcaifug onay in cdu septeaq ho hge sobjaga ofpifz atmopt. Dogujidr qozz pi zda woxe zoda.

Ul jqo ikeq eyneusl avipnw, eidxatriciwe nxi odoh as ldi barjaaf ahr raconohc yi qxi jayi tuvu.

Tzu yeyos jratc me ku ih bu iwx i zectup ef zfe jajpuwo ka awwil eyezj ya rapu ixo oj fmo zem repzquohosufk! Ofum wosat.foal evq, astex </cosq>, eph tvi biktopixy:

<a href="/login-google">
  <img class="mt-3" src="/images/sign-in-with-google.png"
   alt="Sign In With Google">
</a>

Where to go from here?

In this chapter, you learned how to integrate Google login into your website using Imperial and OAuth. This allows users to sign in with their existing Google accounts!

Have a technical question? Want to report a bug? You can ask questions and report bugs to the book authors in our official book forum here.

Chapters

Server-Side Swift with Vapor

Before You Begin

Section I: Creating a Simple Web API

Section II: Making a Simple Web App

Section III: Validation, Users & Authentication

Section IV: Advanced Server Side Swift

Section V: Production & External Deployment

22. Google Authentication
Written by Tim Condon

OAuth 2.0

Imperial

Adding to your project

Setting up your application with Google

Setting up the integration

Integrating with web authentication

Sending requests to third-party APIs

Where to go from here?

Chapters

Server-Side Swift with Vapor

Before You Begin

Section I: Creating a Simple Web API

Section II: Making a Simple Web App

Section III: Validation, Users & Authentication

Section IV: Advanced Server Side Swift

Section V: Production & External Deployment

OAuth 2.0

Imperial

Adding to your project

Setting up your application with Google

Setting up the integration

Integrating with web authentication

Sending requests to third-party APIs

Where to go from here?

Access this book