I have a webapp (Angular) built on top of a Laravel application. The login stuff for Laravel is built using Passport. I am able to log in using my webapp and all is well; however, there is a component of the application that requires the user to give access to their Google Calendar. For this I am using a Google Calendar API, which uses a callback URL. The flow is as such: User logs into the web app, clicks "add google calendar access" -> redirected to Google, selects the account -> Google comes back to a callback URL on the Laravel app. Problem is, how do I make the Laravel app know which user is logged into the web app? Is Laravel able to access the local storage of the web app to see which user is logged in?
One potential idea I have is, when the user clicks on "Authenticate with google calendar" inside the web app, the server backend creates a temporary token, which then redirects the user to http://example-app?token=authtoken which logs the user into the server side, then redirects them to Google Calendar and then comes back to the callback URL (so the backend knows which user to store the Google Calendar data for).
CodePudding user response:
When making an OAuth2 request you can send a state parameter along with it.
You could create an object with the user ID and the exact path where the user was when making the request, for example, and base64url encode it. Upon successful authentication and authorization, Google will return the state parameter to your callback URL, where you in turn get the parameter, base64url decode it, read its value and work on from there.
You can look it up in the official documentation scrolling down the table a bit.
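
An added example, not part of the original answer: the state value travels through the user's browser, so this sketch goes one step beyond plain base64url encoding and attaches an HMAC and an expiry, letting the callback reject a state whose user ID was altered. The function names, `STATE_KEY` and `STATE_TTL` are hypothetical and the key is a constructed placeholder.

```php
<?php
// Added example. STATE_KEY is a constructed placeholder; load a real secret
// from server-side configuration. All function names here are hypothetical.
const STATE_KEY = 'constructed-demo-key';
const STATE_TTL = 600; // assumed lifetime of a state value, in seconds

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) { // returns string, or false on bad input
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

// Called when the logged-in user starts the Google Calendar authorization.
function make_state(int $userId, string $path): string {
    $payload = b64url_encode(json_encode([
        'uid'   => $userId,
        'path'  => $path,
        'exp'   => time() + STATE_TTL,
        'nonce' => bin2hex(random_bytes(16)), // makes every state unique
    ]));
    $sig = b64url_encode(hash_hmac('sha256', $payload, STATE_KEY, true));
    return $payload . '.' . $sig;
}

// Called in the callback route with the state Google sent back.
// Returns the decoded payload, or null if the state cannot be trusted.
function verify_state(string $state): ?array {
    $parts = explode('.', $state);
    if (count($parts) !== 2) return null;
    [$payload, $sig] = $parts;
    $expected = b64url_encode(hash_hmac('sha256', $payload, STATE_KEY, true));
    if (!hash_equals($expected, $sig)) return null;      // altered or forged
    $data = json_decode((string) b64url_decode($payload), true);
    if (!is_array($data) || !isset($data['uid'], $data['exp'])) return null;
    if (time() > $data['exp']) return null;              // too old
    return $data;
}

// Constructed demo: a genuine state verifies, a swapped payload does not.
$state = make_state(42, '/settings/calendar');
var_dump(verify_state($state)['uid']);
$swapped = b64url_encode(json_encode(['uid' => 1, 'exp' => time() + 600]))
         . '.' . explode('.', $state)[1];
var_dump(verify_state($swapped));
```

The signature only proves the state was issued by the backend; storing the nonce server-side and deleting it on first use would additionally stop a valid state from being replayed within its lifetime.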