I'm trying to integrate Google Sign-In on my website with a view to authenticating users on my backend API (Golang). Here's a diagram to illustrate what I'm trying to do:
So I tried to use the HTML method to render the Google button, and I specified a backend endpoint in the login_url attribute in order to validate the JWT server-side and authenticate the user...
Sources:
render google button using the html method
...But the button disappears quickly because the Google script renders the button first, and then Svelte tries to do the same while rendering the requested webpage. The same issue is mentioned here for React: https://stackoverflow.com/a/71241558/1216281
So, I tried the JavaScript method, and the button is displayed correctly. But the difference here is that I cannot specify a backend endpoint in the API call to validate the JWT server-side. I can only specify a JavaScript callback. So the implementation would look like this:
Is it the correct way to do it, then?
I got mixed up in the docs. Response here: https://developers.google.com/identity/gsi/web/guides/integrate#:~:text=The%20purpose%20of%20returning%20ID%20tokens%20to%20the%20JavaScript%20callback%20handler%20on%20the%20client%20side%2C%20is%20not%20for%20you%20to%20decode%20it%20in%20the%20JavaScript%20code%2C%20but%20for%20you%20to%20submit%20it%20to%20your%20server%20in%20your%20own%20way.
The purpose of returning ID tokens to the JavaScript callback handler on the client side, is not for you to decode it in the JavaScript code, but for you to submit it to your server in your own way.
Once you validate the token, you can generate your App Token or a Session Cookie (http only preferred) etc.
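To illustrate the server-side validation step the answers above refer to, here is an added example (not code from the original posts or from Google) of a Go function the backend could run on the ID token posted by the JavaScript callback, before issuing its own session cookie. The name `VerifyIDToken`, the `keys` map and the caller that loads Google's published signing keys into it are assumptions; only the standard library is used.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// VerifyIDToken checks an RS256 ID token's signature and iss/aud/exp claims.
// Assumption: keys maps JWKS "kid" values to Google's public keys, loaded by the caller.
func VerifyIDToken(token, clientID string, keys map[string]*rsa.PublicKey, now time.Time) (string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", errors.New("malformed token")
	}
	dec := base64.RawURLEncoding.DecodeString
	var hdr struct{ Alg, Kid string }
	hb, _ := dec(p[0]) // a failed decode yields bytes that fail the checks below
	if json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS256" { // pin the algorithm
		return "", errors.New("bad header or unexpected alg")
	}
	sig, _ := dec(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if k := keys[hdr.Kid]; k == nil || rsa.VerifyPKCS1v15(k, crypto.SHA256, sum[:], sig) != nil {
		return "", errors.New("unknown key or bad signature")
	}
	var c struct{ Iss, Aud, Sub string; Exp int64 }
	pb, _ := dec(p[1])
	if json.Unmarshal(pb, &c) != nil {
		return "", errors.New("bad payload")
	}
	okIss := c.Iss == "accounts.google.com" || c.Iss == "https://accounts.google.com"
	if !okIss || c.Aud != clientID || now.Unix() >= c.Exp || c.Sub == "" {
		return "", errors.New("claims rejected: iss, aud, exp or sub")
	}
	return c.Sub, nil // stable Google account identifier for the verified user
}

func main() {
	// Constructed input: a two-part string is rejected before any crypto runs.
	_, err := VerifyIDToken("a.b", "client-id", nil, time.Now())
	fmt.Println(err)
}
```

Only after this returns a subject should the handler create the application session, for example by setting an HttpOnly cookie as suggested above.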