How to specify a backend callback url while rendering the Google Sign in button using with js method
I'm trying to integrate Google Sign-In on my website with a view to authenticating users on my backend API (Golang). Here's a diagram to illustrate what I'm trying to do:
So I tried to use the HTML method to render the Google button, and I specified a backend endpoint in the login_url attribute in order to validate the JWT server-side and authenticate the user...
Sources:
render google button using the html method
...But the button disappears quickly because the Google script render the button first, and then Svelte tries to do the same while rendering the requested webpage. The same issue is mentioned here for react: https://stackoverflow.com/a/71241558/1216281
So, I tried the javascript method, and the button is displayed correctly. But the difference here is that I cannot specify a backend endpoint in the API Call to validate the JWT server-side. I can only specify a javascript callback. So the implementation would look like this:
Is-it the correct way to do it, then?
I got mixed up in the docs. Response here: https://developers.google.com/identity/gsi/web/guides/integrate#:~:text=The%20purpose%20of%20returning%20ID%20tokens%20to%20the%20JavaScript%20callback%20handler%20on%20the%20client%20side%2C%20is%20not%20for%20you%20to%20decode%20it%20in%20the%20JavaScript%20code%2C%20but%20for%20you%20to%20submit%20it%20to%20your%20server%20in%20your%20own%20way.
The purpose of returning ID tokens to the JavaScript callback handler on the client side, is not for you to decode it in the JavaScript code, but for you to submit it to your server in your own way.
Once you validate the token, you can generate your App Token or a Session Cookie (http only preferred) etc.
- New Google place api using google OAuth, ask failed to refresh token
- Access token obtained with 'auth-code' login flow with 'drive.file' scope, later used for picking file and on the server returns "entity not found"
- PHPMailer getOAuth2token response to div
- Google AdWords API authorization raising AdsCommon::Errors::AuthError
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Cross-client Google OAuth: Get auth code on iOS and access token on server
- Google Authenticator available as a public service?
- Google OAuth components must be used within GoogleOAuthProvider
- Access google cloud storage bucket from other project using python
- Django Google log-in/sign up not working even though django-oauth
- How to obtain android app version code using Google Api?
- Problems with ShinyApp and Google authentification, when making Public
- testing google sheet editor addon fails with error 403
- Google API Invalid JWT Signature in SFCC
- Google Classroom iframe, compare login_hint with signed in user
- Origin is "not allowed" for given client ID when origin was added
- Issue when trying to register an app for consent screen in google oauth
- Correct setup for accessing a GSheet published as a webapp via a service account
- How to set up Google OAuth clients to split authorization and token exchange between client and server?
- Get 403 response with the "new" Firebase Cloud Messaging API
- Google OAuth 2.0 Flow Issue (Implicit)
- Unable to fetch access token and refresh token from google OAuth2.0 using the authorized code
- How should I use the id token returned to me by Google after a successful code exchange?
- Google Cloud Platform adding OAuth Client ID says Requested entity already exists
- Gmail API Oauth2 Send from different address
- How to test Google's OAuth granular consent screen for TV & Device Apps
- How to verify google auth token at server side in node js?
- Firebase - Notification push - Oauth2 - 401 invalid authentication credentials - Symfony
- How to specify fields for $plus->people->get('me') call?
- Is there a way to keep oauth2 token for infinite time?