Authentication
Payblocks comes with built-in authentication support, including Google OAuth integration.
Google Authentication Setup
- Create a Google Cloud Project:
  - Go to Google Cloud Console
  - Create a new project or select an existing one
  - Enable the Google OAuth2 API
- Configure OAuth Consent Screen:
  - Go to “OAuth consent screen”
  - Choose “External” user type
  - Fill in the required information
  - Add necessary scopes (email, profile)
- Create OAuth Credentials:
  - Go to “Credentials”
  - Click “Create Credentials” > “OAuth client ID”
  - Choose “Web application”
  - Add authorized redirect URIs:
    - Development: http://localhost:3000/api/auth/google/callback
    - Production: https://your-domain.com/api/auth/google/callback
- Set Environment Variables:
    GOOGLE_CLIENT_ID=your_client_id
    GOOGLE_CLIENT_SECRET=your_client_secret
    GOOGLE_CALLBACK_URL=http://localhost:3000/api/auth/google/callback
Authentication Flow
- Login Process:
  - User clicks “Login with Google”
  - Redirected to Google consent screen
  - After approval, redirected back to your app
  - Session created and user logged in
- User Creation:
  - First-time users automatically get a new account
  - Email and basic profile info synced from Google
  - Additional user fields can be filled later
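The redirect and callback steps of the login process, as an added TypeScript example that is not Payblocks or PayloadCMS code: it builds the consent-screen URL from the GOOGLE_CLIENT_ID and GOOGLE_CALLBACK_URL values and checks the state parameter on the callback before the authorization code would be exchanged and a session created. The function names and the result shape are assumptions; the client id in any usage is a constructed placeholder.

```typescript
import { randomBytes, timingSafeEqual } from "node:crypto";

// Mirrors the GOOGLE_CLIENT_ID and GOOGLE_CALLBACK_URL variables from the setup section.
export interface GoogleOAuthConfig {
  clientId: string;
  callbackUrl: string; // must equal an authorized redirect URI registered in the Cloud Console
  scopes: string[];    // the doc asks for only "email" and "profile"
}

// Google's authorization endpoint (the consent screen the user is redirected to).
const GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";

// Unguessable per-login value; store it in the user's session before redirecting.
export function newState(): string {
  return randomBytes(16).toString("hex");
}

// Step 2 of the login flow: the URL for "Redirected to Google consent screen".
export function buildAuthorizationUrl(cfg: GoogleOAuthConfig, state: string): string {
  const url = new URL(GOOGLE_AUTH_ENDPOINT);
  url.searchParams.set("client_id", cfg.clientId);
  url.searchParams.set("redirect_uri", cfg.callbackUrl);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("scope", cfg.scopes.join(" "));
  url.searchParams.set("state", state);
  return url.toString();
}

export type CallbackResult = { ok: true; code: string } | { ok: false; reason: string };

// Step 3 of the login flow: validate what arrives at /api/auth/google/callback before
// the code is exchanged for tokens. A missing or mismatched state means this callback
// was not started by the current session (login CSRF), so no session must be created.
export function validateCallback(query: URLSearchParams, expectedState: string | undefined): CallbackResult {
  const error = query.get("error");
  if (error) return { ok: false, reason: `provider returned error: ${error}` };
  const state = query.get("state");
  if (!expectedState || !state) return { ok: false, reason: "missing state" };
  const got = Buffer.from(state);
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    return { ok: false, reason: "state mismatch" };
  }
  const code = query.get("code");
  if (!code) return { ok: false, reason: "missing authorization code" };
  return { ok: true, code };
}
```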
Custom Authentication
Payblocks uses PayloadCMS’s authentication system. You can extend it with:
- Additional OAuth providers
- Email/password authentication
- Custom authentication strategies
Refer to PayloadCMS Authentication docs for more details.
Security Best Practices
- Environment Variables:
  - Never commit credentials to version control
  - Use different credentials for development and production
  - Regularly rotate secrets
- OAuth Settings:
  - Restrict authorized domains
  - Only request necessary scopes
  - Keep OAuth consent screen information up to date
- Session Management:
  - Configure appropriate session timeouts
  - Implement secure session storage
  - Handle session expiration gracefully