# Using Imperial for Google federated authentication with bearer token instead of cookies / sessions?

brave galleon

I want users to be able to authenticate themselves against my Vapor-based API with their Google account. I’ve investigated using Imperial, and it handles the Google OAuth flow just great — but it insists on creating a cookie-based session. My Vapor project is an API-only project; it shouldn’t have sessions, and I shouldn’t use cookies. Instead, I want to send the authenticated client some kind of bearer token or something to use on subsequent API requests.

How should I go about creating a token as a result of a successful Google auth?

Is this perhaps what Imperial’s GoogleJWT is for…? I can’t find docs for it, and can’t even make sense of what config I’m supposed to pass it.

(P.S. I’d love to help contribute docs to the project for this if/when I get it figured out!)

civic herald

You have to use some form of cookies because the OAuth flow needs to be done via a browser, such as an ASWebAuthenticationSession. What you can do in your callback when the browser redirects to your site is pass a token using a custom URL.

brave galleon

Ah, so the cookie is necessary for the OAuth flow itself?

civic herald

Yes, because you need some sort of session to identify users across requests

brave galleon

OK, that makes sense. Thank you! And presumably I can just use Vapor’s JWT support to generate and pass back my token. (Unless there’s some other tool you’d recommend?)

civic herald

You can generate whatever token you like

Google will send a request to your server when the auth flow is complete; you then exchange that for whatever ongoing auth mechanism you're using

And pass that to the app to store