Episode 9 of 21
Passport Callback Function
Handle the Passport callback — receive the user profile from Google, process the data, and call done() to continue the authentication flow.
After Google authenticates the user, Passport calls your callback function with the user's profile data. This is where you decide what to do — check if the user exists, save them to a database, or create a session.
The Callback Function
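```javascript
// Assumed setup (not shown in the original snippet): the passport-google-oauth20
// strategy and a local keys file holding the OAuth client credentials.
const passport = require('passport');
const GoogleStrategy = require('passport-google-oauth20').Strategy;
const keys = require('./keys');

passport.use(
  new GoogleStrategy({
    clientID: keys.google.clientID,
    clientSecret: keys.google.clientSecret,
    callbackURL: '/auth/google/redirect'
  }, function(accessToken, refreshToken, profile, done) {
    // This fires after Google sends back the user profile
    // Logging the access token is for local debugging only; keep tokens out of real logs
    console.log('Access Token:', accessToken);
    console.log('Profile:', profile);
    console.log('ID:', profile.id);
    console.log('Name:', profile.displayName);
    console.log('Photo:', profile.photos[0].value);
    // done() is not called yet, so the request does not complete at this stage
  })
);
```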
Callback Arguments
| Argument | Contains |
|---|---|
| accessToken | Token to access Google APIs on behalf of the user |
| refreshToken | Token to get a new access token when it expires |
| profile | The user's Google profile data (name, email, photo) |
| done | A function you MUST call to continue the auth flow |
The Profile Object
```javascript
{
  id: '123456789',
  displayName: 'Shaun Pelling',
  name: { familyName: 'Pelling', givenName: 'Shaun' },
  emails: [{ value: 'shaun@gmail.com', verified: true }],
  photos: [{ value: 'https://lh3.googleusercontent.com/photo.jpg' }],
  provider: 'google'
}
```
Calling done()
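```javascript
// Named "verify" here only so the snippet stands alone
function verify(accessToken, refreshToken, profile, done) {
  // Check if user exists in database
  // If not, create the user
  // Placeholder user until the database lookup is written
  const user = { id: profile.id, name: profile.displayName };
  // Then call done:
  done(null, user); // null = no error, user = the user object
}
```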
done(null, user) tells Passport the authentication succeeded and passes the user object forward. Passport then serializes the user for the session.
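The find-or-create step described above, written out as an added example (not code from the original tutorial). The `users` Map stands in for the database, and `verifyGoogleUser`, `sampleProfile` and the stored field names are assumptions made for illustration.

```javascript
// Added example. The Map stands in for a real user table (assumption).
const users = new Map(); // keyed by Google profile.id

// Constructed sample input, shaped like the profile object shown above.
const sampleProfile = {
  id: '123456789',
  displayName: 'Shaun Pelling',
  emails: [{ value: 'shaun@gmail.com', verified: true }],
  photos: [{ value: 'https://lh3.googleusercontent.com/photo.jpg' }],
  provider: 'google'
};

// Hypothetical verify callback with the signature Passport expects.
function verifyGoogleUser(accessToken, refreshToken, profile, done) {
  try {
    // Reject anything that is not a Google profile with an id.
    if (!profile || profile.provider !== 'google' || !profile.id) {
      return done(null, false, { message: 'Unexpected profile' });
    }
    // Look the user up by the provider id, not by email or display name:
    // those can change, the id is the stable key.
    let user = users.get(profile.id);
    if (!user) {
      // Keep an email only if the profile marks it as verified.
      const email = (profile.emails || []).find((e) => e.verified === true);
      const photo = (profile.photos || [])[0];
      user = {
        googleId: profile.id,
        username: profile.displayName || '',
        email: email ? email.value : null,
        photo: photo ? photo.value : null
      };
      users.set(profile.id, user);
    }
    // accessToken and refreshToken are deliberately neither stored nor logged.
    return done(null, user);
  } catch (err) {
    // Any failure goes to Passport as an error instead of hanging the request.
    return done(err);
  }
}
```

Pass `verifyGoogleUser` as the second argument to `new GoogleStrategy(...)` in place of the logging callback.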
Key Takeaways
- The callback fires after Google authenticates the user and Passport gets the profile
- `profile` contains the user's Google ID, name, email, and photo
- You must call `done(null, user)` to complete the authentication process
- This is where you save or retrieve the user from your database