1
00:00:00,690 --> 00:00:05,310
In the last section we were able to test out a little bit more inside of our authentication flow and

2
00:00:05,310 --> 00:00:11,760
at the very end we saw that presumably at the terminal some access token or something like that got

3
00:00:11,760 --> 00:00:13,100
console logged out.

4
00:00:13,320 --> 00:00:18,150
Inside this section we're going to figure out a little bit more about what this access token is what

5
00:00:18,150 --> 00:00:24,090
the purpose of this arrow function is at at all and exactly where we are inside of our authentication

6
00:00:24,090 --> 00:00:24,680
flow.

7
00:00:24,960 --> 00:00:26,940
So we're going to first address that third item.

8
00:00:26,940 --> 00:00:29,600
We're going to figure out where we are inside of our flow.

9
00:00:29,850 --> 00:00:33,800
It's always important to look back to this diagram to have a really good sense of what's going on.

10
00:00:34,140 --> 00:00:37,640
So at this point we have redirected our user over to Google.

11
00:00:37,710 --> 00:00:39,630
They granted us permission.

12
00:00:39,630 --> 00:00:44,780
We got sent back to localhost 5000 slash slash school slash callback.

13
00:00:45,040 --> 00:00:51,570
The passport strategy saw the code inside of the your L and automatically did a follow up request over

14
00:00:51,570 --> 00:00:57,930
to Google to exchange that code with the user's actual profile and e-mail address.

15
00:00:57,990 --> 00:01:03,660
After that follow up request is made the callback function that arrow function.

16
00:01:03,660 --> 00:01:07,880
The second argument to the Google strategy was executed.

17
00:01:08,310 --> 00:01:14,760
So this arrow function right here is our opportunity to take all the information that we just got back

18
00:01:14,760 --> 00:01:20,400
from Google like the actual user's profile and that access token which we'll talk about in just a second.

19
00:01:20,460 --> 00:01:26,130
That's our opportunity to now create a new user inside of our database that says hey here's this person

20
00:01:26,250 --> 00:01:28,320
they have signed up before using Google.

21
00:01:28,350 --> 00:01:32,610
They now have access to our application and they can create surveys and all that kind of good stuff

22
00:01:32,640 --> 00:01:34,010
inside of our app.

23
00:01:34,080 --> 00:01:40,650
So this arrow function is our opportunity to now take this identifying user information and save it

24
00:01:40,650 --> 00:01:47,730
to our database if we want to get a better sense of exactly what is happening inside this aero function.

25
00:01:47,760 --> 00:01:52,680
We're going to add on a couple more arguments and then console log them all out and that will give us

26
00:01:52,680 --> 00:01:55,760
a little bit of a better idea of what's going on inside of you.

27
00:01:56,250 --> 00:02:01,300
So I'm going to put a set of parentheses around the access token argument because we want to get a couple

28
00:02:01,300 --> 00:02:03,520
of other arguments out of here as well.

29
00:02:03,540 --> 00:02:11,500
We're going to also take an argument called refresh tokin profile and done.

30
00:02:11,520 --> 00:02:16,260
And then inside of the body of this function we're going to cancel log out the access token.

31
00:02:16,590 --> 00:02:20,840
I'm going to add a little string here to just mark each thing that we're con. logging.

32
00:02:21,060 --> 00:02:23,900
We're going to cancel log the refreshed token

33
00:02:29,470 --> 00:02:32,290
and then we'll also cancel log out the profile.

34
00:02:35,610 --> 00:02:36,050
OK.

35
00:02:36,160 --> 00:02:39,660
So we're now going to go through our a lot flow one more time.

36
00:02:39,790 --> 00:02:44,950
And when we come back to our server we should see all these council logs kick in and then we can kind

37
00:02:44,950 --> 00:02:50,210
of inspect some of the information that we're working with in our side of this callback.

38
00:02:50,260 --> 00:02:51,370
So one last thing we have to do.

39
00:02:51,370 --> 00:02:55,270
Remember any time that we change our code right now we have to restart our server.

40
00:02:55,270 --> 00:02:56,950
We will fix that up very shortly.

41
00:02:56,950 --> 00:02:58,450
So we don't have to do that.

42
00:02:58,480 --> 00:03:03,820
Now if your server is still running you can stop it by pressing control C on your keyboard and that

43
00:03:03,820 --> 00:03:05,560
should kill the server.

44
00:03:05,560 --> 00:03:09,490
So once you've killed the server will then start it back up with node index stock.

45
00:03:09,520 --> 00:03:10,920
Yes.

46
00:03:10,990 --> 00:03:11,260
OK.

47
00:03:11,290 --> 00:03:12,400
So it's now running.

48
00:03:12,400 --> 00:03:14,170
We're now going to run through our waterflow.

49
00:03:14,170 --> 00:03:17,090
One more time and then check out those console logs.

50
00:03:17,380 --> 00:03:24,250
So inside of a new browser tab going to visit localhost Kulin 5000 slash Auth. slash Google.

51
00:03:24,310 --> 00:03:29,530
Now remember at this point in time we have already given Google access to our account so we might just

52
00:03:29,620 --> 00:03:35,130
instantly kind of get redirected back over to our server and the browser will seem to just hang again.

53
00:03:35,140 --> 00:03:37,410
Now if that happens to you that's totally fine.

54
00:03:37,570 --> 00:03:42,580
So I'm going to go to local shows 5000 Google and again you can tell right now it looks like everything

55
00:03:42,580 --> 00:03:43,490
is just hanging.

56
00:03:43,810 --> 00:03:49,960
But all that means is that we have previously given this application access to our profile and so Google

57
00:03:49,960 --> 00:03:54,490
is really not asking us to grant permission or select account or anything like that anymore.

58
00:03:54,520 --> 00:03:58,140
Google is just saying Oh you've already been here you've already granted permission.

59
00:03:58,170 --> 00:03:58,440
OK.

60
00:03:58,450 --> 00:03:59,910
Just go right back to the server.

61
00:03:59,950 --> 00:04:04,480
And so that's why as soon as we put that you are Ellen It seems like everything is just happening right

62
00:04:04,480 --> 00:04:04,900
now.

63
00:04:04,900 --> 00:04:09,580
The request is pending on our server and it's waiting for us to do something.

64
00:04:09,690 --> 00:04:14,940
OK so at this point this callback function should have been executed because remember it is called the

65
00:04:14,940 --> 00:04:20,760
instant that the user gets sent back to our server and we exchange that code for some identifying information.

66
00:04:20,760 --> 00:04:25,100
So now if we go back to our terminal we'll see those three console logs that we put in.

67
00:04:25,110 --> 00:04:30,000
So if I scroll up a little bit you'll see the console log for access token.

68
00:04:30,090 --> 00:04:34,140
So here's the access token here's the refresh token which is undefined.

69
00:04:34,290 --> 00:04:40,530
And then here is our profile information which contains all the identifying information for this particular

70
00:04:40,530 --> 00:04:41,230
user.

71
00:04:41,550 --> 00:04:47,220
So here is my display name my family name a list of all my different email addresses.

72
00:04:47,220 --> 00:04:53,370
My profile picture gender all this other kind of stuff that we might want to get access to inside of

73
00:04:53,370 --> 00:04:54,570
our application.

74
00:04:54,570 --> 00:04:55,650
So this is pretty much it.

75
00:04:55,650 --> 00:04:57,330
This is the heart of what we're getting at right here.

76
00:04:57,330 --> 00:05:04,350
This is our identifying information now really quickly on the access token and the refreshed token.

77
00:05:04,350 --> 00:05:12,600
First off the access token if we had asked for permission to read say the users e-mail contact list

78
00:05:12,720 --> 00:05:18,030
or read all of their e-mails or anything like that kind of like do something on the user's behalf or

79
00:05:18,030 --> 00:05:20,760
kind of modify their account in some fashion.

80
00:05:20,760 --> 00:05:23,390
That is the purpose of this access token right here.

81
00:05:23,430 --> 00:05:29,460
It is a token that essentially allows us to reach back over to Google and say hey in the past this user

82
00:05:29,470 --> 00:05:35,550
said that we could read their profile or that we could add or delete emails inside or out inside their

83
00:05:35,550 --> 00:05:37,020
e-mail inbox.

84
00:05:37,020 --> 00:05:40,470
Here's the access token that proves that we are allowed to do that.

85
00:05:40,500 --> 00:05:45,660
And so it's access token access token excuse me is pretty important but we're not really using it for

86
00:05:45,660 --> 00:05:47,140
anything inside our application.

87
00:05:47,280 --> 00:05:50,300
So we're not going to be terribly concerned with it.

88
00:05:50,440 --> 00:05:57,690
Now the refreshed token right here would allow us to refresh the access token the access token automatically

89
00:05:57,690 --> 00:06:04,050
expires after some amount of time and we can be given optionally a refreshed token that allows us to

90
00:06:04,110 --> 00:06:09,630
automatically update the access token and essentially reach into the users account for some additional

91
00:06:09,630 --> 00:06:10,830
amount of time.

92
00:06:10,830 --> 00:06:15,450
Now again we're not making use of the access token so we don't really care about the refresh won at

93
00:06:15,450 --> 00:06:17,010
all either.

94
00:06:17,010 --> 00:06:21,910
Finally the profile which we just spoke about it has all of our actual identifying information.

95
00:06:21,930 --> 00:06:24,510
And so this is the thing that we really care about right here.

96
00:06:25,100 --> 00:06:25,900
OK.

97
00:06:26,340 --> 00:06:29,380
So we've definitely made some progress.

98
00:06:29,430 --> 00:06:35,610
We've got access to all the users information but at this point it's kind of like well that's great

99
00:06:35,670 --> 00:06:38,140
but what are we doing with it.

100
00:06:38,400 --> 00:06:44,280
So at this point we have really concluded with the passport side of our application more or less kind

101
00:06:44,340 --> 00:06:48,610
like we'll say kind of we that at least finished up with these steps right here.

102
00:06:48,660 --> 00:06:54,240
And so at this point it's now up to us to create a new record inside of our database and then kind of

103
00:06:54,240 --> 00:06:59,640
like do some magic stuff to make this user considered to be logged into our application.

104
00:06:59,640 --> 00:07:05,160
Now these last steps right here are like a whole gigantic can of worms.

105
00:07:05,190 --> 00:07:10,980
So in this section we're going to kind of say that phase one of our authentication flow is complete

106
00:07:11,400 --> 00:07:16,530
and in the next section we're going to start to move onto some stuff working around with databases and

107
00:07:16,530 --> 00:07:21,190
figuring out what authentication really really means inside of our application.

108
00:07:21,510 --> 00:07:23,150
So let's take a quick break.

109
00:07:23,160 --> 00:07:28,440
When we come back in the next section we're going to start to kick off the next phase of authentication

110
00:07:28,470 --> 00:07:29,410
inside of our app.

111
00:07:29,640 --> 00:07:31,330
So I'll see you in just a second.