@live-change/google-authentication-service 0.8.33 → 0.8.35

package/account.js

@@ -0,0 +1,82 @@
+import App from '@live-change/framework'
+const app = App.app()
+import definition from './definition.js'
+
+export const User = definition.foreignModel("user", "User")
+
+export const googleProperties = {
+  email: {
+    type: String
+  },
+  email_verified: {
+    type: Boolean
+  },
+  name: {
+    type: String
+  },
+  given_name: {
+    type: String
+  },
+  family_name: {
+    type: String
+  },
+  picture: {
+    type: String
+  },
+  locale: {
+    type: String
+  }
+}
+
+export const Account = definition.model({
+  name: "Account",
+  properties: {
+    ...googleProperties
+  },
+  userItem: {
+    userReadAccess: () => true
+  }
+})
+
+definition.event({
+  name: 'accountConnected',
+  properties: {
+    account: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    user: {
+      type: User,
+      validation: ['nonEmpty']
+    },
+    data: {
+      type: Object,
+      properties: googleProperties,
+      validation: ['nonEmpty']
+    }
+  },
+  async execute({ user, account, data }) {
+    await Account.create({
+      ...data,
+      id: account,
+      user
+    })
+  }
+})
+
+definition.event({
+  name: "accountDisconnected",
+  properties: {
+    account: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    user: {
+      type: User,
+      validation: ['nonEmpty']
+    }
+  },
+  async execute({ account }) {
+    await Account.delete(account)
+  }
+})

package/connect.js

@@ -0,0 +1,138 @@
+import App from '@live-change/framework'
+const app = App.app()
+import definition from './definition.js'
+
+import Debug from 'debug'
+const debug = Debug('services:googleAuthentication')
+
+import { User, googleProperties, Account } from './account.js'
+import { getTokensWithCode, getUserInfo } from './googleClient.js'
+
+import { downloadData } from './downloadData.js'
+
+definition.trigger({
+  name: "connectGoogle",
+  properties: {
+    user: {
+      type: User,
+      validation: ['nonEmpty']
+    },
+    account: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    data: {
+      type: Object,
+      properties: googleProperties,
+      validation: ['nonEmpty']
+    },
+    transferOwnership: {
+      type: Boolean,
+      default: false
+    }
+  },
+  async execute({ user, account, data, transferOwnership },
+                context, emit) {
+    const { trigger } = context
+    const accountData = await Account.get(account)
+    if(accountData) {
+      if(accountData.user !== user) {
+        if(transferOwnership) {
+          emit({
+            'type': 'userOwnedAccountTransferred',
+            account, to: user
+          })
+          await downloadData(user, data, context)
+          return
+        }
+        throw 'alreadyConnectedElsewhere'
+      }
+      throw 'alreadyConnected'
+    }
+    emit({
+      type: 'accountConnected',
+      account, user, data
+    })
+    await trigger({ type: 'googleConnected'  }, {
+      user, account, data
+    })
+    await downloadData(user, data, context)
+  }
+})
+
+definition.trigger({
+  name: "disconnectGoogle",
+  properties: {
+    account: {
+      type: String,
+      validation: ['nonEmpty']
+    }
+  },
+  async execute({ account }, { client, service }, emit) {
+    const accountData = await Account.get(account)
+    if(!accountData) throw 'notFound'
+    const { user } = accountData
+    emit({
+      type: 'accountDisconnected',
+      account, user
+    })
+    await service.trigger({ type: 'googleDisconnected'  }, {
+      user, account
+    })
+  }
+})
+
+
+definition.action({
+  name: "connectGoogle",
+  properties: {
+    code: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    redirectUri: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    transferOwnership: {
+      type: Boolean,
+      default: false
+    }
+  },
+  async execute({ accessToken, transferOwnership }, { client, service }, emit) {
+    const user = client.user
+    if(!user) throw 'notAuthorized'
+    const tokens = await getTokensWithCode(code, redirectUri)
+    debug("TOKENS", tokens)
+    const googleUser = await getUserInfo(tokens.access_token)
+    debug("GOOGLE USER", googleUser)
+    const account = googleUser.sub
+    await service.trigger({ type: 'connectGoogle' }, {
+      user, account, data: googleUser,
+      transferOwnership
+    })
+    return {
+      action: 'connectGoogle',
+      user
+    }
+  }
+})
+
+definition.action({
+  name: "disconnectGoogle",
+  properties: {
+    account: {
+      type: String,
+      validation: ['nonEmpty']
+    }
+  },
+  async execute({ account }, { client, service }, emit) {
+    const accountData = await Account.get(account)
+    if(!accountData) throw 'notFound'
+    const { user } = accountData
+    if(user !== client.user) throw 'notAuthorized'
+    await service.trigger({ type: 'disconnectGoogle' }, {
+      user, account
+    })
+  }
+})

package/definition.js

@@ -0,0 +1,11 @@
+import App from '@live-change/framework'
+const app = App.app()
+
+import user from '@live-change/user-service'
+
+const definition = app.createServiceDefinition({
+  name: "googleAuthentication",
+  use: [ user ]
+})
+
+export default definition

package/downloadData.js

@@ -0,0 +1,46 @@
+import App from '@live-change/framework'
+const app = App.app()
+import definition from './definition.js'
+
+export async function downloadData(user, data, { trigger, triggerService }) {
+  console.log("download data", { user, data })
+  const res = await trigger({ type: 'setIdentification' }, {
+    sessionOrUserType: 'user_User',
+    sessionOrUser: user,
+    overwrite: false,
+    name: data.name,
+    givenName: data.given_name,
+    firstName: data.given_name,
+    familyName: data.family_name,
+    lastName: data.family_name,
+  })
+  //console.log("IDENTIFICATION SET!", res)
+  if(data.picture) {
+    //console.log("WILL DOWNLOAD PICTURE", data.picture)
+    const downloadAndUpdateImage = (async () => {
+      //console.log("DOWNLOAD PICTURE", data.picture)
+      const image = await triggerService({ service: 'image', type: "createImageFromUrl"  }, {
+        ownerType: 'user_User',
+        owner: user,
+        name: "google-profile-picture",
+        purpose: "users-updatePicture-picture",
+        url: data.picture,
+        cropped: true
+      })
+      //console.log("IMAGE DOWNLOADED", picture)
+      await trigger({ type: 'setIdentification' }, {
+        sessionOrUserType: 'user_User',
+        sessionOrUser: user,
+        overwrite: false,
+        image
+      })
+    })
+    downloadAndUpdateImage()
+  }
+  if(data.email_verified) {
+    await trigger({ type: 'connectEmail' }, {
+      email: data.email,
+      user
+    })
+  }
+}

package/googleClient.js

@@ -0,0 +1,58 @@
+import App from '@live-change/framework'
+const app = App.app()
+import definition from './definition.js'
+
+import Debug from 'debug'
+const debug = Debug('services:googleAuthentication')
+
+import axios from 'axios'
+
+const config = definition.config
+
+const googleClientId = config.clientId || process.env.GOOGLE_CLIENT_ID
+const googleClientSecret = config.clientId || process.env.GOOGLE_CLIENT_SECRET
+export { googleClientId, googleClientSecret }
+
+export async function getTokensWithCode(code, redirectUri) {
+  if(!code) throw new Error("No code provided")
+  if(!redirectUri) throw new Error("No redirectUri provided")
+
+  const options = {
+    url: 'https://accounts.google.com/o/oauth2/token',
+    method: 'post',
+    data: {
+      code: code,
+      client_id: googleClientId,
+      client_secret: googleClientSecret,
+      redirect_uri: redirectUri,
+      grant_type: "authorization_code"
+    }
+  }
+
+  try {
+    const response = await axios(options)
+    return response.data
+  } catch(error) {
+    console.error("OAUTH ERROR", error?.stack || error?.message || JSON.stringify(error))
+    console.error("OAUTH ERROR RESPONSE", error?.response?.data)
+    throw error?.response?.data  ? new Error(error?.response?.data) : error
+  }
+}
+
+export async function getUserInfo(accessToken) {
+  const options = {
+    url: 'https://www.googleapis.com/oauth2/v3/userinfo',
+    method: 'get',
+    headers: {
+      Authorization: `Bearer ${accessToken}`
+    }
+  }
+
+  try {
+    const response = await axios(options)
+    return response.data
+  } catch(error) {
+    console.error("OAUTH ERROR", error)
+    throw error?.response?.data  ? new Error(error?.response?.data) : error
+  }
+}

package/index.js

@@ -1,400 +1,12 @@
 import App from '@live-change/framework'
 const app = App.app()
+import definition from './definition.js'
 
-import Debug from 'debug'
-const debug = Debug('services:googleAuthentication')
+import "./account.js"
+import "./connect.js"
+import "./sign.js"
+import "./offlineAccess.js"
 
-import { OAuth2Client } from 'google-auth-library'
 
-import user from '@live-change/user-service'
-
-const definition = app.createServiceDefinition({
-  name: "googleAuthentication",
-  use: [ user ]
-})
-const config = definition.config
-
-const googleClientId = config.clientId || process.env.GOOGLE_CLIENT_ID
-const googleClient = new OAuth2Client(googleClientId)
-
-const User = definition.foreignModel("user", "User")
-
-const googleProperties = {
-  email: {
-    type: String
-  },
-  email_verified: {
-    type: Boolean
-  },
-  name: {
-    type: String
-  },
-  given_name: {
-    type: String
-  },
-  family_name: {
-    type: String
-  },
-  picture: {
-    type: String
-  },
-  locale: {
-    type: String
-  }
-}
-
-const Account = definition.model({
-  name: "Account",
-  properties: {
-    ...googleProperties
-  },
-  userItem: {
-    userReadAccess: () => true
-  }
-})
-
-definition.event({
-  name: 'accountConnected',
-  properties: {
-    account: {
-      type: String,
-      validation: ['nonEmpty']
-    },
-    user: {
-      type: User,
-      validation: ['nonEmpty']
-    },
-    data: {
-      type: Object,
-      properties: googleProperties,
-      validation: ['nonEmpty']
-    }
-  },
-  async execute({ user, account, data }) {
-    await Account.create({
-      ...data,
-      id: account,
-      user
-    })
-  }
-})
-
-definition.event({
-  name: "accountDisconnected",
-  properties: {
-    account: {
-      type: String,
-      validation: ['nonEmpty']
-    },
-    user: {
-      type: User,
-      validation: ['nonEmpty']
-    }
-  },
-  async execute({ account }) {
-    await Account.delete(account)
-  }
-})
-
-definition.trigger({
-  name: "signInGoogle",
-  properties: {
-    account: {
-      type: String,
-      validation: ['nonEmpty']
-    }
-  },
-  async execute({ account, session }, { service }, _emit) {
-    const accountData = await Account.get(account)
-    if(!accountData) throw { properties: { email: 'notFound' } }
-    const { user } = accountData
-    return service.trigger({ type: 'signIn' }, {
-      user, session
-    })
-  }
-})
-
-async function downloadData(user, data, service) {
-  await service.trigger({ type: 'setIdentification' }, {
-    sessionOrUserType: 'user',
-    sessionOrUser: user,
-    overwrite: false,
-    name: data.name,
-    givenName: data.given_name,
-    firstName: data.given_name,
-    familyName: data.family_name,
-    lastName: data.family_name,
-  })
-  if(data.picture) {
-    const downloadAndUpdateImage = (async () => {
-      const picture = await service.trigger({ service: 'pictures', type: "createPictureFromUrl"  }, {
-        ownerType: 'user_User',
-        owner: user,
-        name: "google-profile-picture",
-        purpose: "users-updatePicture-picture",
-        url: data.picture,
-        cropped: true
-      })
-      await service.trigger({ type: 'setIdentification' }, {
-        sessionOrUserType: 'user',
-        sessionOrUser: user,
-        overwrite: false,
-        picture
-      })
-    })
-    downloadAndUpdateImage()
-  }
-  if(data.email_verified) {
-    await service.trigger({ type: 'connectEmail' }, {
-      email: data.email,
-      user
-    })
-  }
-}
-
-definition.trigger({
-  name: "connectGoogle",
-  properties: {
-    user: {
-      type: User,
-      validation: ['nonEmpty']
-    },
-    account: {
-      type: String,
-      validation: ['nonEmpty']
-    },
-    data: {
-      type: Object,
-      properties: googleProperties,
-      validation: ['nonEmpty']
-    },
-    transferOwnership: {
-      type: Boolean,
-      default: false
-    }
-  },
-  async execute({ user, account, data, transferOwnership }, { service }, emit) {
-    const accountData = await Account.get(account)
-    if(accountData) {
-      if(accountData.user !== user) {
-        if(transferOwnership) {
-          emit({
-            'type': 'userOwnedAccountTransferred',
-            account, to: user
-          })
-          await downloadData(user, data, service)
-          return
-        }
-        throw 'alreadyConnectedElsewhere'
-      }
-      throw 'alreadyConnected'
-    }
-    emit({
-      type: 'accountConnected',
-      account, user, data
-    })
-    await service.trigger({ type: 'googleConnected'  }, {
-      user, account, data
-    })
-    await downloadData(user, data, service)
-  }
-})
-
-definition.trigger({
-  name: "disconnectGoogle",
-  properties: {
-    account: {
-      type: String,
-      validation: ['nonEmpty']
-    }
-  },
-  async execute({ account }, { client, service }, emit) {
-    const accountData = await Account.get(account)
-    if(!accountData) throw 'notFound'
-    const { user } = accountData
-    emit({
-      type: 'accountDisconnected',
-      account, user
-    })
-    await service.trigger({ type: 'googleDisconnected'  }, {
-      user, account
-    })
-  }
-})
-
-definition.action({
-  name: "signIn",
-  properties: {
-    accessToken: {
-      type: String
-    }
-  },
-  returns: {
-    type: User,
-    idOnly: true
-  },
-  waitForEvents: true,
-  async execute({ accessToken }, { client, service }, emit) {
-    const ticket = await googleClient.verifyIdToken({
-      idToken: accessToken,
-      audience: googleClientId
-    })
-    const googleUser = ticket.getPayload()
-    debug("GOOGLE USER", googleUser)
-    const account = googleUser.sub
-    const existingLogin = await Account.get(account)
-    const { session } = client
-    if(existingLogin) { /// Sign In
-      const { user } = existingLogin
-      await service.trigger({ type: 'signIn'  }, {
-        user, session
-      })
-      return {
-        action: 'signIn',
-        user
-      }
-    } else { // Sign up
-      throw 'notFound'
-    }
-  }
-})
-
-definition.action({
-  name: "signUp",
-  properties: {
-    accessToken: {
-      type: String
-    }
-  },
-  returns: {
-    type: User,
-    idOnly: true
-  },
-  waitForEvents: true,
-  async execute({ accessToken }, { client, service }, emit) {
-    const ticket = await googleClient.verifyIdToken({
-      idToken: accessToken,
-      audience: googleClientId
-    })
-    const googleUser = ticket.getPayload()
-    debug("GOOGLE USER", googleUser)
-    const account = googleUser.sub
-    const existingLogin = await Account.get(account)
-    const { session } = client
-    if(existingLogin) { /// Sign In
-      throw 'alreadyConnected'
-    } else { // Sign up
-      const user = app.generateUid()
-      await service.trigger({ type: 'connectGoogle' }, {
-        user, account, data: googleUser
-      })
-      await service.trigger({ type: 'signUpAndSignIn' }, {
-        user, session
-      })
-      return {
-        action: 'signUp',
-        user
-      }
-    }
-  }
-})
-
-definition.action({
-  name: "signInOrSignUp",
-  properties: {
-    accessToken: {
-      type: String
-    }
-  },
-  returns: {
-    type: User,
-    idOnly: true
-  },
-  waitForEvents: true,
-  async execute({ accessToken }, { client, service }, emit) {
-    const ticket = await googleClient.verifyIdToken({
-      idToken: accessToken,
-      audience: googleClientId
-    })
-    const googleUser = ticket.getPayload()
-    debug("GOOGLE USER", googleUser)
-    const account = googleUser.sub
-    const existingLogin = await Account.get(account)
-    const { session } = client
-    if(existingLogin) { /// Sign In
-      const { user } = existingLogin
-      await service.trigger({ type: 'signIn' }, {
-        user, session
-      })
-      return {
-        action: 'signIn',
-        user: existingLogin.user
-      }
-    } else { // Sign up
-      const user = app.generateUid()
-      await service.trigger({ type: 'connectGoogle' }, {
-        user, account, data: googleUser
-      })
-      await service.trigger({ type: 'signUpAndSignIn' }, {
-        user, session
-      })
-      return {
-        action: 'signUp',
-        user
-      }
-    }
-  }
-})
-
-definition.action({
-  name: "connectGoogle",
-  properties: {
-    accessToken: {
-      type: String
-    },
-    transferOwnership: {
-      type: Boolean,
-      default: false
-    }
-  },
-  async execute({ accessToken, transferOwnership }, { client, service }, emit) {
-    const ticket = await googleClient.verifyIdToken({
-      idToken: accessToken,
-      audience: googleClientId
-    })
-    const user = client.user
-    if(!user) throw 'notAuthorized'
-    const googleUser = ticket.getPayload()
-    debug("GOOGLE USER", googleUser)
-    const account = googleUser.sub
-    await service.trigger({ type: 'connectGoogle' }, {
-      user, account, data: googleUser,
-      transferOwnership
-    })
-    return {
-      action: 'connectGoogle',
-      user
-    }
-  }
-})
-
-definition.action({
-name: "disconnectGoogle",
-  properties: {
-    account: {
-      type: String,
-      validation: ['nonEmpty']
-    }
-  },
-  async execute({ account }, { client, service }, emit) {
-    const accountData = await Account.get(account)
-    if(!accountData) throw 'notFound'
-    const { user } = accountData
-    if(user !== client.user) throw 'notAuthorized'
-    await service.trigger({ type: 'disconnectGoogle' }, {
-      user, account
-    })
-  }
-})
 
 export default definition

package/offlineAccess.js

@@ -0,0 +1,133 @@
+import App from '@live-change/framework'
+const app = App.app()
+import definition from './definition.js'
+import Debug from 'debug'
+import { getTokensWithCode, getUserInfo } from './googleClient.js'
+const debug = Debug('services:googleAuthentication')
+
+export const OfflineAccess = definition.model({
+  name: "OfflineAccess",
+  userProperty: {
+    userReadAccess: () => true
+  },
+  properties: {
+    scopes: {
+      type: Array,
+      of: {
+        type: String,
+        validation: ['nonEmpty']
+      },
+      validation: ['nonEmpty']
+    },
+    refreshToken: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    accessToken: {
+      type: String
+    },
+    accessTokenExpire: {
+      type: Date
+    },
+    lastUse: {
+      type: Date
+    },
+    lastRefresh: {
+      type: Date
+    }
+  },
+  indexes: {
+    byUserAndScope: {
+      property: ['user', 'scope']
+    }
+  }
+})
+
+definition.view({
+  name: 'myOfflineAccessByScope',
+  properties: {
+    scope: {
+      type: String
+    }
+  },
+  returns: {
+    type: OfflineAccess
+  },
+  access: (params, { client, service }) => {
+    return !!client.user
+  },
+  async daoPath({ scope }, { client }) {
+    return OfflineAccess.indexObjectPath('byUserAndScope', [client.user, scope])
+  }
+})
+
+definition.event({
+  name: "offlineAccessSaved",
+  async execute({ user, refreshToken, timestamp }) {
+    await OfflineAccess.create({ id: user, user, refreshToken, lastUse: timestamp })
+  }
+})
+
+definition.event({
+  name: "offlineAccessDeleted",
+  async execute({ user }) {
+    await OfflineAccess.delete(user)
+  }
+})
+
+definition.event({
+  name: "offlineAccessUsed",
+  async execute({ user, timestamp }) {
+    await OfflineAccess.update(user, { lastUse: timestamp })
+  }
+})
+
+definition.event({
+  name: "offlineAccessRefreshed",
+  async execute({ user, timestamp }) {
+    await OfflineAccess.update(user, { lastRefresh: timestamp })
+  }
+})
+
+definition.event({
+  name: "offlineAccessDeleted",
+  async execute({ user }) {
+    await ApiAccess.delete(user)
+  }
+})
+
+definition.action({
+  name: 'addOfflineAccessToken',
+  properties: {
+    code: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    redirectUri: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    scope: {
+      type: String,
+      validation: ['nonEmpty']
+    }
+  },
+  async execute({ code, redirectUri, scope }, { client, service }, emit) {
+    const user = client.user
+    if(!user) throw 'notAuthorized'
+    const tokens = await getTokensWithCode(code, redirectUri)
+    console.log("TOKENS", tokens)
+    const scopes = tokens.scope.split(' ')
+    if(tokens.token_type !== 'Bearer') throw new Error("Invalid token type "+tokens.token_type)
+    await service.triggerService({ type: 'googleAuthentication_setUserOwnedOfflineAccess', service: definition.name }, {
+      user, scopes,
+      accessToken: tokens.access_token,
+      accessTokenExpire: tokens.expires_in ? new Date(Date.now() + tokens.expires_in * 1000) : null,
+      refreshToken: tokens.refresh_token,
+    })
+
+    return {
+      action: 'addOfflineAccessToken'
+    }
+  }
+})

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@live-change/google-authentication-service",
-  "version": "0.8.33",
+  "version": "0.8.35",
   "description": "",
   "main": "index.js",
   "scripts": {
@@ -21,10 +21,10 @@
     "url": "https://www.viamage.com/"
   },
   "dependencies": {
-    "@live-change/framework": "^0.8.33",
-    "@live-change/relations-plugin": "^0.8.33",
+    "@live-change/framework": "^0.8.35",
+    "@live-change/relations-plugin": "^0.8.35",
     "google-auth-library": "9.0.0"
   },
-  "gitHead": "98ff6f9c09e5fc1f408010df6cc8038eff571276",
+  "gitHead": "90fbb746dc7270895daf17b437ca48c0b0a01c01",
   "type": "module"
 }

package/sign.js

@@ -0,0 +1,160 @@
+import App from '@live-change/framework'
+const app = App.app()
+import definition from './definition.js'
+
+import Debug from 'debug'
+const debug = Debug('services:googleAuthentication')
+
+import { User, googleProperties, Account } from './account.js'
+import { getTokensWithCode, googleClientId, getUserInfo } from './googleClient.js'
+
+definition.trigger({
+  name: "signInGoogle",
+  properties: {
+    account: {
+      type: String,
+      validation: ['nonEmpty']
+    }
+  },
+  async execute({ account, session }, { service }, _emit) {
+    const accountData = await Account.get(account)
+    if(!accountData) throw { properties: { email: 'notFound' } }
+    const { user } = accountData
+    return service.trigger({ type: 'signIn' }, {
+      user, session
+    })
+  }
+})
+
+definition.action({
+  name: "signIn",
+  properties: {
+    code: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    redirectUri: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+  },
+  returns: {
+    type: User,
+    idOnly: true
+  },
+  waitForEvents: true,
+  async execute({ code, redirectUri }, { client, service }, emit) {
+    const tokens = await getTokensWithCode(code, redirectUri)
+    debug("TOKENS", tokens)
+    const googleUser = await getUserInfo(tokens.access_token)
+    debug("GOOGLE USER", googleUser)
+    const account = googleUser.sub
+    const existingLogin = await Account.get(account)
+    const { session } = client
+    if(existingLogin) { /// Sign In
+      const { user } = existingLogin
+      await service.trigger({ type: 'signIn'  }, {
+        user, session
+      })
+      return {
+        action: 'signIn',
+        user
+      }
+    } else { // Sign up
+      throw 'notFound'
+    }
+  }
+})
+
+definition.action({
+  name: "signUp",
+  properties: {
+    code: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    redirectUri: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+  },
+  returns: {
+    type: User,
+    idOnly: true
+  },
+  waitForEvents: true,
+  async execute({ accessToken }, { client, service }, emit) {
+    const tokens = await getTokensWithCode(code, redirectUri)
+    debug("TOKENS", tokens)
+    const googleUser = await getUserInfo(tokens.access_token)
+    debug("GOOGLE USER", googleUser)
+    const account = googleUser.sub
+    const existingLogin = await Account.get(account)
+    const { session } = client
+    if(existingLogin) { /// Sign In
+      throw 'alreadyConnected'
+    } else { // Sign up
+      const user = app.generateUid()
+      await service.trigger({ type: 'connectGoogle' }, {
+        user, account, data: googleUser
+      })
+      await service.trigger({ type: 'signUpAndSignIn' }, {
+        user, session
+      })
+      return {
+        action: 'signUp',
+        user
+      }
+    }
+  }
+})
+
+definition.action({
+  name: "signInOrSignUp",
+  properties: {
+    code: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+    redirectUri: {
+      type: String,
+      validation: ['nonEmpty']
+    },
+  },
+  returns: {
+    type: User,
+    idOnly: true
+  },
+  waitForEvents: true,
+  async execute({ code, redirectUri }, { client, service }, emit) {
+    const tokens = await getTokensWithCode(code, redirectUri)
+    debug("TOKENS", tokens)
+    const googleUser = await getUserInfo(tokens.access_token)
+    debug("GOOGLE USER", googleUser)
+    const account = googleUser.sub
+    const existingLogin = await Account.get(account)
+    const { session } = client
+    if(existingLogin) { /// Sign In
+      const { user } = existingLogin
+      await service.trigger({ type: 'signIn' }, {
+        user, session
+      })
+      return {
+        action: 'signIn',
+        user: existingLogin.user
+      }
+    } else { // Sign up
+      const user = app.generateUid()
+      await service.trigger({ type: 'connectGoogle' }, {
+        user, account, data: googleUser
+      })
+      await service.trigger({ type: 'signUpAndSignIn' }, {
+        user, session
+      })
+      return {
+        action: 'signUp',
+        user
+      }
+    }
+  }
+})