The Issue:
I have to provide a Sign In With Google button on my GAE site. I used OpenID 2.0 but that is deprecated so I have to use OpenID Connect - or, as explain by a help page from Goolge:
If you provide a "sign-in with Google" feature, we recommend using Google Sign-In
So I've implemented the Basic Sign-In Integration described here: https://developers.google.com/identity/sign-in/web/sign-in
This seems to be what I need: the user name and email to identify them on my web site. The problem is that this seems to be a client-only solution (please correct me if I'm wrong) and I need the user info on the backend.
I also found this: Google Sign-In for server-side apps: https://developers.google.com/identity/sign-in/web/server-side-flow
But this seems to be for using ..
Google services on behalf of a user when the user is offline
.. I don't need that - no need to access apps or make API calls - I just need the user name and email - so this might be to heavy / complex for my needs.
The Question:
What's the simplest way to get the user name and email on the server side?
Many thanks!
There is no way to get it directly on the backend unless your appengine is installed on a google apps domain with special admin permissions (in that case you do get the domain user email directly server-side without doing the 3legged oauth2 flow).
What you want is what you already found. That client side flow gets the access token, then the client (or directly with redirect uri) sends the access token to the server. See the offcial docs for how to then get the email using that access token.
The client could also get the email and send it but that would make it easy for a bad client to fake an email.