Hi i am working on a project where a user logs in via google account.(localhost) I have implemented the google signup. As soon as I log in from my account I am getting the below error.

TokenError: Code was already redeemed.
       at Strategy.OAuth2Strategy.parseErrorResponse (c:\Projects\Internship_rideshare\node_modules\passport-google-oauth\node_modules\passport-oauth\node_modules\passport-oauth2\lib\strategy.js:298:12)
       at Strategy.OAuth2Strategy._createOAuthError (c:\Projects\Internship_rideshare\node_modules\passport-google-oauth\node_modules\passport-oauth\node_modules\passport-oauth2\lib\strategy.js:345:16)
       at c:\Projects\Internship_rideshare\node_modules\passport-google-oauth\node_modules\passport-oauth\node_modules\passport-oauth2\lib\strategy.js:171:43
       at c:\Projects\Internship_rideshare\node_modules\passport-google-oauth\node_modules\passport-oauth\node_modules\passport-oauth2\node_modules\oauth\lib\oauth2.js:176:18
       at passBackControl (c:\Projects\Internship_rideshare\node_modules\passport-google-oauth\node_modules\passport-oauth\node_modules\passport-oauth2\node_modules\oauth\lib\oauth2.js:123:9)
       at IncomingMessage.<anonymous> (c:\Projects\Internship_rideshare\node_modules\passport-google-oauth\node_modules\passport-oauth\node_modules\passport-oauth2\node_modules\oauth\lib\oauth2.js:142:7)
       at IncomingMessage.emit (events.js:129:20)
       at _stream_readable.js:908:16
       at process._tickCallback (node.js:355:11)

My code is as follows(snippet for google login):-

passport.use(new GoogleStrategy(google, function(req, accessToken, refreshToken, profile, done) {
  if (req.user) {
    User.findOne({ google: profile.id }, function(err, existingUser) {
      if (existingUser) {
        console.log('There is already a Google+ account that belongs to you. Sign in with that account or delete it, then link it with your current account.' );
        done(err);
      } else {
        User.findById(req.user.id, function(err, user) {
          user.google = profile.id;
          user.tokens.push({ kind: 'google', accessToken: accessToken });
          user.profile.displayName = user.profile.displayName || profile.displayName;
          user.profile.gender = user.profile.gender || profile._json.gender;
            //user.profile.picture = user.profile.picture || 'https://graph.facebook.com/' + profile.id + '/picture?type=large';
          user.save(function(err) {
            console.log('Google account has been linked.');
            done(err, user);
          });
        });
      }
    });
  } else {
    User.findOne({ google: profile.id }, function(err, existingUser) {
      if (existingUser) return done(null, existingUser);
      User.findOne({ email: profile._json.email }, function(err, existingEmailUser) {
        if (existingEmailUser) {
           console.log('There is already an account using this email address. Sign in to that account and link it with Google manually from Account Settings.' );
          done(err);
        } else {
          var user = new User();
          user.email = profile._json.email;
          user.google = profile.id;
          user.tokens.push({ kind: 'google', accessToken: accessToken });
          user.profile.displayName = profile.displayName;
          user.profile.gender = profile._json.gender;
            //user.profile.picture = 'https://graph.facebook.com/' + profile.id + '/picture?type=large';
          user.profile.location = (profile._json.location) ? profile._json.location.name : '';
          user.save(function(err) {
            done(err, user);
          });
        }
      });
    });
  }
}));

I am stuck on it.Please help me out..thanks

The problem is not in your "snippet", look at the routes. It should be absolute path on redirect for google.

router.get('/auth/google/callback',
passport.authenticate('google', { failureRedirect: '#/signIn' }),
function(req, res) {
// absolute path
    res.redirect('http://localhost:8888/#/home');
});

It's known issue, follow this link to other workarounds https://github.com/jaredhanson/passport-google-oauth/issues/82

I have come across this issue. The exact problem is your route.

app.get('/auth/google/callback', passport.authenticate('google'), (req, res) => {
   res.send('get the data');
});

At this point app had got user permission and google send a code to this url. Now what passport does here it took that code and made a request to google for user details and got it from google. Now we have to do something with this details otherwise you will get the error that you have got.

Now we can use serialiseUser and deserialiseUser of passport to save details in cookie and edit one line of above code to go at some url like that.

app.get('/auth/google/callback', passport.authenticate('google'), (req, res) => {
   res.redirect('/servey');  // just a url to go somewhere
});

I also had the same problem since few days. What I figured out is, you just need to complete the process. Until now you have only checked whether the user is present in the database or not. If not then you save the user to the database.

However, after this, when the google tries to redirect the user, the code that google+ API sent is already used or say it is no longer available. So when you check the user in your database, you need to serialize the user i.e store the code into your browser in a cookie so that when google redirects the user, it know who the user is. This can be done by adding the code given below.

//add this in current snippet
passport.serializeUser(function(user,done){
    done(null,user.id);
});

To use this cookie, you need to deserialize the user. To deserialize, use the code given below.

//add this in current snippet
passport.deserializeUser(function(id,done){
    User.findById(id).then(function(user){
        done(null, user);
    });
});

Also, you are required to start a cookie session and you can do this by adding the below code in your main app.js file.

const cookieSession = require('cookie-session');
app.use(cookieSession({
    maxAge: 24*60*60*1000, // age of cookie, the value is always given in milliseconds
    keys:[keys.session.cookiekey]
}));

//initialize passport
app.use(passport.initialize());
app.use(passport.session());

Note that you need to require the cookie-session package. Install it using

npm install cookie-session

Also, you require to write absolute URI in the callbackURL property in your google strategy.

I had the same problem.

Reseting client secret from google console solved the problem.