Google Reconcile Lambda

    Google Reconcile lambda

    When a Google identity provider is used to complete a federated login request FusionAuth will use the email address to reconcile user. You may optionally utilize a lambda to customize the user and user registration during this authentication event.

    When you create a new lambda using the FusionAuth UI we will provide you an empty function for you to implement.

    If you are using the API to create the lambda you will need to ensure your function has the following signature: 

    
function reconcile(user, registration, idToken) {
  // Lambda code goes here
}

    This lambda must contain a function named reconcile that takes three parameters. The parameters that the lambda is passed are:

    • user - the FusionAuth User object. You can modify this, except the email or username attribute may not be modified after the user has been linked.

    • registration - the FusionAuth UserRegistration object. You can modify this.

    • idToken - the JSON payload returned by the Google Token Info API. This is read-only.

    The two FusionAuth objects are well documented here in the User API and Registration API documentation. The idToken may contain various user claims to utilize during the reconcile process.

    Assigning the lambda

    Once a lambda is created, you may assign it to the Google identity provider in the IdP configuration.

    Navigate to Settings → Identity Providers and select your existing Google configuration or click Add provider and select Google if it has not yet been configured.

    Default lambda

    A default Google reconcile lambda is available in FusionAuth that may be used or modified. The default Google lambda function is documented below. 

    
// This is the default Google reconcile, modify this to your liking.
function reconcile(user, registration, idToken) {

  // Un-comment this line to see the idToken object printed to the event log
  // console.info(JSON.stringify(idToken, null, 2));

  // The idToken is the response from the tokeninfo endpoint
  // https://developers.google.com/identity/sign-in/web/backend-auth#calling-the-tokeninfo-endpoint
  user.firstName = idToken.given_name;
  user.lastName = idToken.family_name;
  user.fullName = idToken.name;
  user.imageUrl = idToken.picture;
}

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    Have a question or comment to share?

    Visit the FusionAuth community forum.