I have asked this question here:
As well as on gitter. I don’t seem to be able to get an answer. Considering this is the recommended way to authenticate users - all of the examples I’ve seen skip the important bit: validating the auth code.
Has anyone managed to fill in the blanks? Can anyone help guide me over this last hurdle?
I’m in quick a spin atm having wasted all day yesterday on the google developer console trying out different URL combinations and sacrificing various farmyard animals!
Cheers
I use ember-simple-auth with torii on the front-end to get my authorization code, then give that to my server which then swaps that for an access token using the rest API described on Using OAuth 2.0 for Web Server Applications | Google Identity | Google Developers (go to the “Handling the OAuth 2.0 server response” section).
Remember that the redirect URI you use to swap your authorization code for the access token should be the same redirect URI you used to get the authorization code in the first place.
My redirect URI is simply my base URL (http://localhost:5000 or http://some-website.com).
It does make developing locally a bit awkward. I can’t use the ember server host, and rather have to build the app to the public directory on my local server project (even if you proxy to your local servers port, if the redirect URL doesn’t match your current URL when getting the authorization code from your front-end it’ll try redirect you to your local server, since ember server will still host on a different port).
I’ve litterally just figured this part out!
ember server --proxy http://localhost:1337
Means they can share the same URL but not necessarily run in the same directory / process 
Wrote up my findings - if anyone is interested