Learn to implement user authentication and role-based authorization (RBAC) using Google Identity Platform in this ultimate guide.
The code in this repository is fully functional; you can use it to construct the full auth/authz flow.
- User signs up (or in) via the web client
- Google Identity Platform (GIP) verifies the request and triggers blocking functions
- Blocking functions assign the role (admin or user) based on the email address
- If the user is an admin, they’ll be redirected to the Admin page
- If an unauthorized user comes straight to the Admin page → redirect them Home
- A request is made against the backend route
- The route triggers the Auth middleware
- The Auth middleware verifies the user against GIP
- If the user exists, the Authz (authorization) middleware is called
- If the user’s role is sufficient to continue, the handler is triggered
- Handler responds
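
The backend half of this flow as an added sketch (not the repository's own middleware code): an auth middleware that verifies the bearer token, then an authz middleware that checks the role claim before the handler runs. The names `authenticate`, `requireRole`, `run` and `fakeVerify`, the claim name `role`, and the admin-outranks-user ordering are assumptions for illustration; token verification is injected so the sketch runs offline.

```javascript
// Role ranks: a higher rank satisfies a lower requirement (assumed hierarchy).
const ROLE_RANK = new Map([["user", 1], ["admin", 2]]);

// Auth middleware. `verifyIdToken` is injected so this runs offline; a real
// service would pass the identity provider SDK's token verification here.
function authenticate(verifyIdToken) {
  return async (req, res, next) => {
    const match = /^Bearer (\S+)$/.exec(req.headers.authorization || "");
    if (!match) return res.status(401).json({ error: "missing bearer token" });
    let claims;
    try {
      claims = await verifyIdToken(match[1]);
    } catch {
      return res.status(401).json({ error: "invalid token" });
    }
    // The role claim set at sign-up travels inside the verified token (assumed name: role).
    req.user = { uid: claims.uid, role: claims.role };
    return next();
  };
}

// Authz middleware: a missing or unknown role ranks 0, so it fails closed.
function requireRole(required) {
  const need = ROLE_RANK.get(required);
  if (!need) throw new Error(`unknown role: ${required}`);
  return (req, res, next) => {
    const have = ROLE_RANK.get(req.user && req.user.role) || 0;
    if (have < need) return res.status(403).json({ error: "forbidden" });
    return next();
  };
}

// Minimal stand-in for a router: runs the chain, returns { status, body }.
async function run(chain, headers) {
  const out = { status: 200, body: null };
  const res = {
    status(code) { out.status = code; return res; },
    json(body) { out.body = body; return res; },
  };
  const req = { headers };
  let i = 0;
  const next = async () => { if (i < chain.length) await chain[i++](req, res, next); };
  await next();
  return out;
}

// Constructed sample tokens standing in for verified ID tokens.
const TOKENS = new Map([["tok-admin", { uid: "u1", role: "admin" }],
  ["tok-user", { uid: "u2", role: "user" }], ["tok-norole", { uid: "u3" }]]);
const fakeVerify = async (t) => { if (!TOKENS.has(t)) throw new Error("bad token"); return TOKENS.get(t); };
const handler = (req, res) => res.json({ ok: true, uid: req.user.uid });
```

A failed or missing token yields 401 (not authenticated), while a valid token with an insufficient or absent role yields 403 (authenticated but not authorized).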
- client-js - Vanilla JS client code for "Sign in with Google" (called `auth-google`) and "Sign in with Email / Password" (called `auth-email`)
- client-react-next - React JS client code for "Sign in with Google" (called `auth-google`) and "Sign in with Email / Password" (called `auth-email`)
- blocking-functions - Node JS function code and unit tests. The function can be deployed to GCP (see `package.json` scripts)
- middleware-go - Golang backend with auth and authz middlewares
- middleware-node - Node backend with auth and authz middlewares
- Client code can be run by `npm i` in the appropriate folder and then `npm run dev`, or by using live-server (in the Vanilla JS case)
- Blocking function code cannot be run locally, but the unit tests can be run by `npm i` first and then `npm run test`
- Middleware Go code can be run by `docker-compose up` in its folder. Then send requests to `http://127.0.0.1:8089/user`
- Middleware Node code can be run by `docker-compose up` in its folder