[TASK-3] Create a login page for IIITBuzz . #24
Description
🚀 Feature: Login Page with Google OAuth 2.0 (Backend-Based)
We need to implement the Login page for IIITBuzz, following the design that has already been finalized in the UI/UX phase. This page will be accessible via the /login route and serve as the central entry point for user Login/Signup via Google OAuth 2.0.
✅ Requirements
- The login should not use the Google Sign-In SDK (
google.accounts.id) on the frontend. - OAuth 2.0 flow should be implemented using a backend-based (Authorization Code) approach.
- After successful login:
- The backend will verify the token using Google’s API.
- Create or update the user in the database.
- Issue a JWT to the client for session management.
📂 Expected Flow
- User clicks Login with Google on the
/loginpage. - The frontend redirects the request to the backend login endpoint to initiate the OAuth flow.
- The backend redirects the user to Google’s OAuth consent screen.
- Upon successful login, Google redirects to the backend callback URL.
- The backend verifies the auth code and retrieves user info.
- The backend creates/updates the user in the DB and returns a JWT.
- The frontend stores the JWT securely (e.g., in HttpOnly cookie or secure localStorage) and redirects the user to the app dashboard.
🔒 Security Considerations
- No usage of Google JavaScript SDK on the frontend.
- All tokens and client secrets will be handled securely in the backend.
- Ensure CSRF and XSS protection while storing tokens.
🔗 References
Feel free to discuss implementation details or suggest changes in the comments.