A simple full-stack application demonstrating OpenID Connect (OIDC) authentication with Google and GitHub.
OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0. It allows your application to:
- Verify user identity through external providers (Google, GitHub, etc.)
- Get basic profile information (name, email, photo)
- Authenticate users without handling passwords
1. User clicks "Sign in with Google"
2. Your app redirects to Google's login page
3. User logs in and grants permission
4. Google redirects back with an authorization code
5. Your backend exchanges the code for tokens
6. User info is extracted and stored in session
7. User is now authenticated!
npm install- Go to Google Cloud Console
- Create a new project (or select existing one)
- Navigate to APIs & Services > Credentials
- Click Create Credentials > OAuth client ID
- Select Web application
- Add authorized redirect URI:
http://localhost:3000/auth/callback/google - Copy the Client ID and Client Secret
- Go to GitHub Developer Settings
- Click New OAuth App
- Fill in the details:
- Application name: OIDC Demo (or anything you like)
- Homepage URL:
http://localhost:3000 - Authorization callback URL:
http://localhost:3000/auth/callback/github
- Click Register application
- Copy the Client ID
- Click Generate a new client secret and copy it
Copy the example environment file:
cp .env.example .envEdit .env and fill in your credentials:
SESSION_SECRET=your-random-secret-string
GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-google-client-secret
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secretnpm startVisit http://localhost:3000 in your browser.
OIDC/
├── package.json # Dependencies
├── webpack.config.js # Webpack configuration
├── .env # Your credentials (don't commit!)
├── .env.example # Template for credentials
├── server/
│ ├── index.js # Express server entry point
│ ├── auth.js # Passport.js configuration
│ └── routes.js # Auth & API routes
└── client/
├── public/
│ └── index.html # HTML template
└── src/
├── index.js # React entry point
├── App.jsx # Main component
└── components/
├── Login.jsx # Login buttons
└── Profile.jsx # User profile display
- OAuth 2.0: Authorization framework - "Can this app access my photos?"
- OIDC: Identity layer on OAuth - "Who is this user?"
- Authorization Code: Temporary code exchanged for tokens
- Access Token: Used to access protected resources
- ID Token: JWT containing user identity information
- Refresh Token: Used to get new access tokens
After OIDC authentication:
- User info is stored in server-side session
- Session ID is stored in browser cookie
- Subsequent requests use cookie for authentication
- Ensure callback URLs match exactly in Google/GitHub console
- Check for trailing slashes
- Make sure the server is running
- Check that
.envfile exists and has correct values
- Verify PORT in
.envmatches where you're browsing - Check no other app is using port 3000