Google and Microsoft SSO should be using proper Authorization Code Flow

[ppelayo1]

Currently the Google SSO, and the Microsoft SSO in a PR are using a front end library to get an Openid Connect IDToken. Better security could be achieved by properly following the Authorization Code Flow to obtain this IDToken.

This will involve rewriting both front and backend code, Pastport.js is a possible library to use for this goal. This will make the login process more secure.

[asharful70786]

Hi! , I’m a Node.js developer and I’d love to work on this.

I can help implement proper Authorization Code Flow using Passport.js for both Google and Microsoft SSO. If needed, I can set everything up from scratch — including secure OAuth setup on both the frontend and backend.

Additionally, I can add features like Google One Tap Login to enhance user experience.

Please let me know if I can take this on. Looking forward to contributing!

[JMStudiosJoe]

Hello Ashraful, This project is being sunsetted on our repo but is alive and well with another organization. We reached out to them and trying to get links over to you soon. Thank you for your interest, chat soon! Regards, Joey Richardson JMStudios CEO <https://www.jmstudios.net/> Artist Website <https://www.artofjosephrichardson.com/> Director of Frontend Engineering at Code for San Jose <https://www.codeforsanjose.com/> LinkedIn <https://www.linkedin.com/in/joseph-richardson-97206953/>

…

On Sun, Aug 3, 2025 at 2:39 AM Ashraful momin ***@***.***> wrote: *asharful70786* left a comment (codeforsanjose/project-happening-atm#266) <#266 (comment)> Hi! , I’m a Node.js developer and I’d love to work on this. I can help implement proper Authorization Code Flow using Passport.js for both Google and Microsoft SSO. If needed, I can set everything up from scratch — including secure OAuth setup on both the frontend and backend. Additionally, I can add features like Google One Tap Login to enhance user experience. Please let me know if I can take this on. Looking forward to contributing! — Reply to this email directly, view it on GitHub <#266 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA6XRY3I2NA3SI7HAKUCI6T3LXKF5AVCNFSM6AAAAACC7YS2S6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTCNBYGMYDANZYGU> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.*** com>

[asharful70786]

Thank you for clarifying and for sharing the links 🙏. I completely understand that the project is being transitioned. I’ll definitely keep an eye on the new organization and would be glad to contribute whenever there are opportunities.

[errorsurface]

Hi Ashraful, Im the UX designer. As Joey said the project transitioned to a different org. It would be great to have you as a contributor! Please send an email to onlyinsj@gmail.com and I can set up an intro call.

[asharful70786]

Thanks a lot for the update , Could you please share the link to the new GitHub organization (or any related Info) here so I can follow along and start contributing?

[errorsurface]

I’ll give you access to the Svelte-based prototype on my account, but It’s better if we do a call or chat over Slack first. The MVP went through significant changes, and it’ll need a full review of the stack and architecture.

[asharful70786]

Sounds good, thanks for clarifying! I’m open to a call or Slack chat as suggested. I’ll also send you an email from my personal account so we can coordinate further.