Wednesday, July 2, 2014

Use google-passport Authentication in Node.js Projects without Google+

NPM passport-google and 400 Error "OpenID auth request contains an unregistered domain"

If you've been using the Node.js module "passport-google" for authentication in your projects, you will notice that new projects now receive an error stating:

"400 That's an error. OpenID auth request contains an unregistered domain."

This happens because Google deprecated its OpenID API for new domains beginning in May 2014. Older projects that were already in use should not have an issue (although you should upgrade at some point), but new projects will not be allowed to authenticate.

There are two fixes for this:

1) Convert your application to use the new Google+ sign-in. This will require users to have a Google+ profile and approve your application to access it. The passport-google-plus module located on GitHub can do just that: https://github.com/sqrrrl/passport-google-plus

2) Convert your application to use OAuth 2.0 sign-in. Your users will not need to have a Google+ profile, and this new method is the closest match to the old one. The passport-google-oauth module can help with this: https://github.com/jaredhanson/passport-google-oauth

If you choose the second option, be sure to only provide the userinfo scope (and not the google.plus scope):

passport.authenticate('google', { scope: ['https://www.googleapis.com/auth/userinfo.email'] })

One additional note is that you will now be required to register your application at https://console.developers.google.com and create a client ID and secret (which are used in the passport module).
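A sketch of the second option wired end to end, added here as an example and not taken from the original post or from the passport-google-oauth project. The environment variable names, the helper names and the https check on the callback URL are assumptions; passport and the strategy are passed in as arguments so the logic can be exercised without the network.

```javascript
// Added example. The scope URL and the 'google' strategy name come from the post;
// env var names and helper names are assumptions made for illustration.
const EMAIL_SCOPE = 'https://www.googleapis.com/auth/userinfo.email';

// Read the client ID and secret issued by console.developers.google.com from the
// environment so the secret never lands in source control.
function strategyOptions(env) {
  for (const key of ['GOOGLE_CLIENT_ID', 'GOOGLE_CLIENT_SECRET', 'GOOGLE_CALLBACK_URL']) {
    if (!env[key]) throw new Error(`missing ${key}`);
  }
  const cb = new URL(env.GOOGLE_CALLBACK_URL);
  const local = cb.hostname === 'localhost' || cb.hostname === '127.0.0.1';
  // Added hardening (assumption, not from the post): the authorization code
  // returns via this URL, so refuse plain http except in local development.
  if (cb.protocol !== 'https:' && !local) {
    throw new Error('callback URL must use https outside local development');
  }
  return {
    clientID: env.GOOGLE_CLIENT_ID,
    clientSecret: env.GOOGLE_CLIENT_SECRET,
    callbackURL: cb.href,
  };
}

// Verify callback: keep only the account id and email; the tokens are not stored.
function verify(accessToken, refreshToken, profile, done) {
  const first = profile && profile.emails && profile.emails[0];
  if (!first || !first.value) return done(null, false); // no email: reject login
  return done(null, { id: profile.id, email: first.value.toLowerCase() });
}

// Typical wiring (requires the real modules, so it is shown as a comment):
//   const passport = require('passport');
//   const { OAuth2Strategy } = require('passport-google-oauth');
//   app.get('/auth/google', configureGoogleLogin(passport, OAuth2Strategy, process.env));
function configureGoogleLogin(passport, OAuth2Strategy, env) {
  passport.use(new OAuth2Strategy(strategyOptions(env), verify));
  // Email scope only: no Google+ scope, so users need no Google+ profile.
  return passport.authenticate('google', { scope: [EMAIL_SCOPE] });
}
```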
