#Reactjs

In a React.js application (not using Next.js), the authentication flow with Google OAuth will follow similar principles, but the implementation differs because React lacks built-in API routing like Next.js. Here's how you can achieve it:

---

### **Steps for Google OAuth in React.js**

1. **Set Up Google Cloud Project**
   - Follow the same steps as in Next.js:
     - Go to the [Google Cloud Console](https://console.cloud.google.com/).
     - Create a project and enable the "Google Identity Services" API.
     - Configure the OAuth consent screen.
     - Create OAuth 2.0 credentials.
   - Add `http://localhost:3000` as the **Authorized JavaScript Origin** (since React uses client-side routing).
   - Add a **Redirect URI**, such as `http://localhost:3000/auth/callback`.

---

2. **Use a Backend for Secure Token Exchange**
   - React is a front-end library and cannot securely handle secrets like the `CLIENT_SECRET`. You need a backend to:
     - Securely store `CLIENT_ID` and `CLIENT_SECRET`.
     - Handle the OAuth flow and token exchange with Google's servers.

   Common backends for this purpose include:
   - Express.js
   - Django/Flask
   - Node.js with libraries like `passport-google-oauth20`.

---

3. **Authentication Flow**
   - When using React, the flow usually involves:
     1. **Frontend (React):**
        - User clicks the "Sign in with Google" button.
        - Redirect the user to Google’s OAuth login page.
     2. **Google Redirect:**
        - After login, Google redirects the user to a predefined **Redirect URI**, e.g., `http://localhost:3000/auth/callback`.
     3. **Backend (Node.js/Express):**
        - The backend receives the authorization code from the callback.
        - Exchanges the code for an access token using the `CLIENT_SECRET` on the server side.
        - Sends the access token or user data back to the frontend.
     4. **Frontend (React):**
        - Stores user data (or token) in a secure way (e.g., Context API, Redux).

---

4. **React Code Example Using Google Identity Services**
If you want a fully client-side solution (e.g., using the Google Identity Services SDK):

#### **Frontend-Only Implementation (Not Secure for Production)**

Install the Google Identity Services SDK:

```bash
npm install @react-oauth/google
```

Add the following code in your React component:

```jsx
import React from "react";
import { GoogleLogin } from "@react-oauth/google";

function Login() {
  const handleLogin = (response) => {
    console.log("Google Token:", response.credential);
    // Send the token to your backend for further processing (securely handle user data).
  };

  return (
    <div className="login-container">
      <h1>Login with Google</h1>
      <GoogleLogin
        onSuccess={handleLogin}
        onError={() => {
          console.log("Login Failed");
        }}
      />
    </div>
  );
}

export default Login;
```

#### **Steps in Backend for Secure Token Handling**
1. Receive the `response.credential` (JWT token) from the frontend.
2. Verify the token using Google’s `oauth2/v3/tokeninfo` API or a library like `google-auth-library`.
3. Store the authenticated user’s details in your database.

---

5. **Redirect URI in React**
For React, the **Redirect URI** will typically be `http://localhost:3000/auth/callback`. However:
- If you use a backend for token exchange, the **Redirect URI** will point to your backend endpoint, e.g., `http://localhost:5000/api/auth/callback`.

---

### **Key Differences Between React.js and Next.js**
| Feature                    | React.js                            | Next.js                              |
|----------------------------|-------------------------------------|--------------------------------------|
| API Routing                | Requires a separate backend         | Built-in (`pages/api/...`)           |
| Redirect URI Handling      | Directly in React or via backend    | Handled via Next.js API routes       |
| Secure Token Handling      | Needs a backend for secure handling | Managed by NextAuth                  |
| Simplicity for OAuth Setup | Requires manual implementation      | Easier with `next-auth` library      |

---

**Best Practice:** Use a backend for secure handling of `CLIENT_SECRET` and token exchange, even with React.js. Relying on only frontend logic is insecure for production applications.