I have an application which is composed of a JavaScript frontend and a Java backend deployed in Tomcat. The communication between frontend and backend is all via REST. I am using Jersey for this.
I followed the official documentation to add Google sign-in in my application: https://developers.google.com/identity/sign-in/web/ and successfully managed to authenticate with the backend:
```java
GoogleIdToken idToken = verifier.verify(idTokenString);
if (idToken != null) {
    // ...
}
```
The question is: how do I have to proceed now? The documentation here https://developers.google.com/identity/protocols/OpenIDConnect#authenticatingtheuser says:
After obtaining user information from the ID token, you should query your app's user database. If the user already exists in your database, you should start an application session for that user. ...
Should I just start a normal Java webapp session? (With the only difference being that I got the user credentials from Google instead of directly from my frontend.)
I am completely lost here. Please help.
My question above was on the right track. Once authenticated with Google, you have to do the exact same thing as you would do after having checked the email/password: create a session with the username.
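A Jersey resource that does what this answer describes, as an added example that is not code from the original post: it verifies the ID token, then starts a fresh servlet session for the Google account. The endpoint path, the `idtoken` form field, the `userId` attribute name, the `CLIENT_ID` placeholder and the `javax.*` (rather than `jakarta.*`) packages are assumptions, and the lookup in the app's own user database is left as a comment.

```java
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

@Path("/google-login") // hypothetical endpoint path
public class GoogleLoginResource {
    // Placeholder: the OAuth client ID issued for your web application.
    private static final String CLIENT_ID = "YOUR_CLIENT_ID.apps.googleusercontent.com";

    // setAudience makes verify() reject tokens that were issued to another client.
    private static final GoogleIdTokenVerifier VERIFIER =
        new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), GsonFactory.getDefaultInstance())
            .setAudience(Collections.singletonList(CLIENT_ID))
            .build();

    @POST
    public Response login(@FormParam("idtoken") String idTokenString,
                          @Context HttpServletRequest request) {
        GoogleIdToken idToken;
        try {
            idToken = (idTokenString == null) ? null : VERIFIER.verify(idTokenString);
        } catch (Exception e) { // signature/network failure or malformed token
            idToken = null;
        }
        if (idToken == null) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        // "sub" is Google's stable account identifier; look the user up
        // (or create the record) in your own database by this value here.
        String subject = idToken.getPayload().getSubject();

        // Drop any pre-login session so its ID cannot be carried over (session fixation).
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("userId", subject); // hypothetical attribute name
        return Response.noContent().build();
    }
}
```

Later REST calls then authorize against the session attribute, exactly as they would after an email/password login; the ID token itself is not needed again.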