The simplest way to get and compare the g_csrf_token cookie from Google One Tap is looking for the string with includes.
import { redirect, type ActionArgs, json } from "@remix-run/node"; import jwtDecode from "jwt-decode"; import { loggedIn } from "~/cookies"; export const action = async ({ request }: ActionArgs) => { // body const formData = await request.formData(); const body = Object.fromEntries(formData) as Record<string, string>; //cookie const cookieHeader = request.headers.get("Cookie"); if (!cookieHeader?.includes(body.g_csrf_token)) { return json({ message: "Wrong cookie" }, { status: 400 }); } const userInfo = jwtDecode(body.credential); // save your user in DB ... return redirect("/", { headers: { "set-Cookie": await loggedIn.serialize(true), // update this for a session }, }); };
I'm sure there must be a better way, but I'm still in the search.
If this was useful for you, it could be for others, please share. 馃
Abrazo. blissmo.
