Deno + Google OpenID Connect

Minimal Google login workflow

This demo uses a server-side Authorization Code flow with OpenID Connect, plus state, nonce, PKCE, local ID token validation, and a first-party session cookie.

TLS is assumed to terminate at the Application Load Balancer, so this Deno app only listens for plain HTTP internally.

What this app demonstrates

  1. The browser hits /iam/google.
  2. The server creates state, nonce, and a PKCE code verifier, then stores them in an encrypted, short-lived cookie.
  3. The user is redirected to Google's authorization endpoint.
  4. Google redirects back with an authorization code.
  5. The server exchanges the code at Google's token endpoint.
  6. The server verifies the ID token signature with Google's JWKS and validates core claims.
  7. The app issues its own local session cookie and renders the signed-in state.
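
The checks behind steps 4 to 6, as an added TypeScript example that is not this demo's own code. It assumes the ID token signature has already been verified against Google's JWKS; the function name, types, and sample values are hypothetical and constructed for illustration.

```typescript
// Added example (hypothetical names); sample values below are constructed.
interface PendingLogin { state: string; nonce: string } // from the short-lived cookie
interface IdTokenClaims {
  iss?: string; aud?: string | string[]; exp?: number; iat?: number;
  nonce?: string; sub?: string;
}

// Issuer values Google documents for its ID tokens.
const GOOGLE_ISSUERS: string[] = ["https://accounts.google.com", "accounts.google.com"];

// Returns the list of failed checks; an empty list means the login may proceed.
// Call only after the ID token signature has been verified against Google's JWKS.
function validateCallback(
  returnedState: string | null, claims: IdTokenClaims, pending: PendingLogin,
  clientId: string, nowSeconds: number, skewSeconds: number = 60,
): string[] {
  const errors: string[] = [];
  // state ties the callback to the browser that started the flow (login CSRF).
  if (returnedState === null || returnedState !== pending.state) errors.push("state mismatch");
  if (!claims.iss || GOOGLE_ISSUERS.indexOf(claims.iss) === -1) errors.push("unexpected issuer");
  // aud may be a single string or an array; this app's client ID must be in it.
  const audiences: string[] =
    claims.aud === undefined ? [] : Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (audiences.indexOf(clientId) === -1) errors.push("audience mismatch");
  if (typeof claims.exp !== "number" || claims.exp + skewSeconds < nowSeconds) errors.push("token expired");
  if (typeof claims.iat !== "number" || claims.iat - skewSeconds > nowSeconds) errors.push("issued in the future");
  // nonce ties the ID token to this login attempt (replay protection).
  if (!claims.nonce || claims.nonce !== pending.nonce) errors.push("nonce mismatch");
  if (!claims.sub) errors.push("missing subject");
  return errors;
}

// Constructed sample data.
const SAMPLE_CLIENT_ID = "example-client-id.apps.googleusercontent.com";
const SAMPLE_PENDING: PendingLogin = { state: "st-constructed-1", nonce: "n-constructed-1" };
const SAMPLE_CLAIMS: IdTokenClaims = {
  iss: "https://accounts.google.com", aud: SAMPLE_CLIENT_ID, sub: "constructed-subject",
  iat: 1700000000, exp: 1700003600, nonce: "n-constructed-1",
};
console.log(validateCallback("st-constructed-1", SAMPLE_CLAIMS, SAMPLE_PENDING, SAMPLE_CLIENT_ID, 1700000100));
```

Passing the current time as a parameter keeps the checks deterministic; the session cookie in step 7 should be issued only when the returned list is empty.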

Expected configuration

Public origin: https://www.v39.us
Redirect URI: https://www.v39.us/iam/callback
Scopes: openid email profile
Backend listener: http://0.0.0.0:8160