
node express react oauth pass access token after authorization in callback with react client app


I'll do my best to answer your question. The problem with SPA (Single Page Application) and OAuth login is that the only way to transfer data with redirects is the URL query string. The JWT (JSON Web Token) would allow this, but it's only supported in mobile native SDKs. Here is a solution for the web, without using the popover flows:

For Node.js I suggest using the Passport.js OAuth modules. The login flow:

  1. Example: /auth/google -> redirect to the Google login page.
  2. On success, you get redirected back to the callback URL /auth/google/callback
  3. You also get back the access_token, refresh_token, basic profile information, etc.
  4. No sessions are used, so we use the JWT and generate the token on the server side.
  5. Redirect back to the application with the token: app.example.com?token=JASJKDk..
  6. On the client side, extract the token from the query string.

This is just one possible flow that you might use; instead of JWT you could also use a session/cookie solution.
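
Steps 4 to 6 of the flow above, as an added example that is not part of the original answer and is not Passport.js code: it uses only Node's built-in `crypto` module to issue, hand over and verify an HS256 JWT. The secret, the 60-second lifetime and all function names are assumptions made for illustration; the short lifetime and the cleaned URL are there because a token in a query string ends up in browser history and logs.

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

const SECRET = 'constructed-demo-secret';   // assumption: loaded from server config in real use
const APP_URL = 'https://app.example.com/'; // host from step 5 of the answer

const b64url = (value) => Buffer.from(value).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const sign = (data) => createHmac('sha256', SECRET).update(data).digest('base64url');

// Step 4 (server): issue a short-lived JWT once the OAuth callback has succeeded.
function issueToken(profile, now = Date.now(), ttlSeconds = 60) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: profile.id, iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Step 5 (server): build the redirect target that carries the token.
function redirectUrl(token) {
  const url = new URL(APP_URL);
  url.searchParams.set('token', token);
  return url.toString();
}

// Step 6 (client): read the token and return the URL without it, so the page
// can swap the address-bar entry (for example with history.replaceState).
function extractToken(href) {
  const url = new URL(href);
  const token = url.searchParams.get('token');
  url.searchParams.delete('token');
  return { token, cleanUrl: url.toString() };
}

// Server, on later API calls: return the claims, or null if the token is invalid.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(signature);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    if (decode(header).alg !== 'HS256') return null; // accept only the algorithm we issue
    const claims = decode(payload);
    return claims.exp > Math.floor(now / 1000) ? claims : null; // reject expired tokens
  } catch { return null; }
}
```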