Custom Google Authentication Potential Bug

Arky_Asmal · March 29, 2022, 1:56pm

So my app requires a custom implementation of Google Authentication, since I pass additional parameters that the app gathers from users, upon sign up, and can even prevent an account creation based on some additional security parameters.

Therefore, as per the documentation, I’m using the Custom Function provider to login my users.

To implement Google Auth, there’s an essential step - to verify the Id token received from Google. The best way to do this, is to use google-auth-library which is provided directly from Google.

I initially thought the problem lied in the library, but I setup a test server using node and express, and tested this verification step. There was no error, and I received the verified and decoded token. I setup the same exact function on MongoDB Realm, and received an error.

Due to this, I’m wondering if Realm does not support some of google-auth-library packages. If this the case, would this be a new feature request, or would this be a bug, given how essential this is for any custom authentication that relies on Google?

Example Payload:

{
  token: {
    clientId: GoogleClientId,
    credential: GoogleIdToken
    select_by: 'btn'
  },
  custom_data:{
      occupation: "Teacher"
  }
}

Test Express Server code:

const express = require("express")
const cookieParser = require("cookie-parser");
const cors = require("cors");
const app = express();

//Middleware
app.use(express.json());
app.use(cookieParser());
app.use(cors());

//Google Auth
const PORT = process.env.PORT || 5000
app.post("/login", async (req, res) => {
    const payload = req.body
    const { token, custom_data} = payload
    const { OAuth2Client } = require("google-auth-library");
    const clientId = process.env.GOOGLE_CLIENT_ID
    const client = new OAuth2Client(clientId);

    //verify google token 
    async function verify() {
        const ticket = await client.verifyIdToken({
            audience: clientId,
            idToken: token.credential
        });
        const payload = ticket.getPayload();
        return payload;
    }
    const verifiedToken = await verify();
    res.send(verifiedToken);
});

app.listen(PORT, () => {
    console.log(`Server is running on Port ${PORT}`)
})

MongoDB Realm Error:

TypeError: ‘end’ is not a function

MongoDB Realm Function:

exports = async function(payload){
  const { 
     token,
     custom_data
  } = payload;
  const { OAuth2Client } = require("google-auth-library");
  const clientId = context.values.get("GOOGLE_CLIENT_ID");
  const client = new OAuth2Client(clientId);

  //verify google token 
  async function verify() {
    const ticket = await client.verifyIdToken({
        audience: clientId,
        idToken: token.credential
    });
    const payload = ticket.getPayload();
    return payload;
  }
  const verifiedToken = await verify();
  return verifiedToken;
};

Jeffrey_Pinyan1 · May 10, 2022, 5:42pm

I am encountering this same issue.

Khaled_Elyamany · August 30, 2022, 12:09pm

Same problem here, it is obviously caused by a dependency called whatwg-url

More details:

Thomas_Andersen · January 3, 2023, 2:02pm

I am encountering a similar issue (TypeError: ‘end’ is not a function) with the @google-cloud/storage package.

Mason_Tiffin · January 4, 2024, 2:41pm

I am experiencing the same problem with the @google-cloud/storage package. Did you find any fixes?