Configuration
In order to be able to use the google authentication provider, you have to add the configuration to your newly added plugins. To do so here are the steps
1
Configure your google developer console
2
Go to your medusa-config.js
3
Check that the variables are set with the appropriate values
const BACKEND_URL = process.env.BACKEND_URL || "localhost:9000"
const ADMIN_URL = process.env.ADMIN_URL || "localhost:7000"
const STORE_URL = process.env.STORE_URL || "localhost:8000"
const GoogleClientId = process.env.GOOGLE_CLIENT_ID || ""
const GoogleClientSecret = process.env.GOOGLE_CLIENT_SECRET || ""
Then in your plugins
collections, if you did not already inserted the plugin, add the following otherwise, you can
just add the google
options to your auth plugin options
{
resolve: "medusa-plugin-auth",
/** @type {import('medusa-plugin-auth').AuthOptions} */
options: {
// strict: "all", // or "none" or "store" or "admin"
google: {
clientID: GoogleClientId,
clientSecret: GoogleClientSecret,
admin: {
callbackUrl:`${BACKEND_URL}/admin/auth/google/cb`,
failureRedirect: `${ADMIN_URL}/login`,
// The success redirect can be overriden from the client by adding a query param `?redirectTo=your_url` to the auth url
// This query param will have the priority over this configuration
successRedirect: `${ADMIN_URL}/`,
// authPath: '/admin/auth/google',
// authCallbackPath: '/admin/auth/google/cb',
// expiresIn: 24 * 60 * 60 * 1000,
// verifyCallback: (container, req, accessToken, refreshToken, profile, strict) => {
// // implement your custom verify callback here if you need it
// }
},
store: {
callbackUrl:`${BACKEND_URL}/store/auth/google/cb`,
failureRedirect: `${STORE_URL}/login`,
// The success redirect can be overriden from the client by adding a query param `?redirectTo=your_url` to the auth url
// This query param will have the priority over this configuration
successRedirect: `${STORE_URL}/`,
// authPath: '/store/auth/google',
// authCallbackPath: '/store/auth/google/cb',
// expiresIn: 24 * 60 * 60 * 1000,
// verifyCallback: (container, req, accessToken, refreshToken, profile, strict) => {
// // implement your custom verify callback here if you need it
// }
}
}
}
}
The options that are commented are optional
and the value that you see are the default values
4
Update your client to add the authentication action
<a type="button" href=${medusa_url}/${authPath} className="text-white bg-[#4285F4] hover:bg-[#4285F4]/90 focus:ring-4 focus:outline-none focus:ring-[#4285F4]/50 font-medium rounded-lg text-sm px-5 py-2.5 text-center inline-flex items-center dark:focus:ring-[#4285F4]/55 mr-2 mb-2">
<svg className="mr-2 -ml-1 w-4 h-4" aria-hidden="true" focusable="false" data-prefix="fab" data-icon="google" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 488 512"><path fill="currentColor" d="M488 261.8C488 403.3 391.1 504 248 504 110.8 504 0 393.2 0 256S110.8 8 248 8c66.8 0 123 24.5 166.3 64.9l-67.5 64.9C258.5 52.6 94.3 116.6 94.3 256c0 86.5 69.1 156.6 153.7 156.6 98.2 0 135-70.4 140.8-106.9H248v-85.3h236.1c2.3 12.7 3.9 24.9 3.9 41.4z"></path></svg>
Sign in with Google
</a>
medusa_url
correspond to your backend server url (e.ghttp://localhost:9000
)authPath
correspond toauthPath
configuration in your plugin (e.gadmin/auth/google
)
Default behaviour
The default verifyCallback
flow looks as follow (unless the strict
option is changed to none
or store
or admin
depending on the targeted domain)
- for the
admin
- if the user trying to authenticate exists
- then we are looking in the metadata to find if the strategy identifier is present in
authProvider
.- If it is not, the user authentication gets rejected.
- In the case it is present, then the user authentication gets authorized.
- then we are looking in the metadata to find if the strategy identifier is present in
- if the user trying to authenticate does not exist, an unauthorized error will be returned
- if the user trying to authenticate exists
- for the
store
- if the customer trying to authenticate exists
- then we are looking in the metadata to find if the strategy identifier is present in
authProvider
.- If none are found, then the customer gets authenticated and can proceed and the metadata gets updated.
- In the case another external authentication method have been used in the past, then an unauthorized will be returned.
- then we are looking in the metadata to find if the strategy identifier is present in
- if the customer trying to authenticate does not exist, a new customer will be created and the authentication flow follow the previous point
- if the customer trying to authenticate exists