BE-12: Google OAuth Login Implementation

[tecnodeveloper]

Description:
Build Google login. User clicks Google → gets token → send to backend → verify → create/find user in MongoDB → generate JWT → user logged in → done.

---

User Story

Given user wants quick login
When user clicks Google login
Then system should authenticate and log user in

---

Tasks

---

Google Cloud Setup

1. Create Google OAuth App

   • Go to Google Cloud Console
   • Create new project
   • Enable Google OAuth

2. Get Credentials

   • Create OAuth Client ID
   • Add redirect URI (frontend URL)
   • Copy Client ID

---

Frontend Implementation

3. Add Google Login Button

   • Add "Login with Google" button
   • Use Google OAuth library

4. Integrate Google Auth

   • Install Google Identity Services
   • Initialize with Client ID

5. Handle Login Response

   • Receive ID token from Google
   • Send token to backend

---

Backend Setup (Flask / FastAPI)

6. Create Google Auth Route

   • POST /auth/google
   • Accept token from frontend

7. Verify Google Token

   • Use Google token verification
   • Validate token authenticity
   • Extract user info (email, name)

---

MongoDB Integration

8. Check Existing User

   • Search by email in users collection

9. Create User if Not Exists

   • Save name, email
   • Add provider = "google"
   • Add created_at

10. Avoid Duplicates

• Ensure unique email

---

JWT Session Handling

11. Generate JWT

• Create token after login
• Include user ID + email
• Set expiry

12. Return Response

• Send JWT to frontend
• Send user info

---

Postman Testing 🧪

13. Setup Postman

• Create POST request

14. Test /auth/google

• Send sample token (manual test)
• Verify response

15. Validate Errors

• Invalid token
• Expired token

---

Frontend Integration

16. Handle Backend Response

• Receive JWT
• Store token (localStorage/cookies)

17. User Redirect

• Redirect to chat/dashboard after login

18. UI Feedback

• Show loading
• Show error if login fails

---

Protected Routes

19. Setup Auth Guard

• Check JWT before accessing pages
• Redirect if not logged in

---

Run & Validate

20. Run Full System

• Start backend
• Start frontend

21. Test Full Flow

• Click Google login
• Complete login
• Verify user stored in MongoDB
• Verify JWT created

---

Acceptance Criteria

• Google OAuth login works
• Token verified in backend
• User stored in MongoDB
• JWT generated
• Postman test completed
• Frontend integration working

---

Testing Steps

1. Run backend + frontend
2. Click Google login
3. Complete OAuth flow
4. Check MongoDB user
5. Verify JWT token
6. Access protected routes

---

Definition of Done

• Google OAuth fully implemented
• MongoDB integration complete
• JWT session working
• Secure authentication flow