Google Sign in Button
Question
I have implemented a Google Sign in Button in my app. I want that the users can quickly access the app without filling email etc. When the user press the button, i get some data from google like email, name and so on. Than a request to my server is send, its checks if the email is registred or not. If not the server creates a new account, if an account is created, its check the "password" that google have send me (userIdToken). My problem is, that i dont know what i can use as a password? I used the userIdToken, but i recognized that this is changing when i trying to log in, from a other device. So i cant use this as a password. I dont know how this authetication method should work, can someone help me?
1 answers
solution1
0 ACCPTED 2018-06-25 14:58:35
Here's how you can improve your authentication flows.
Disclaimer: This is all just personal opinion based on my experiences.
You don't need to store password if they login using Google Sign-In, that's the purpose of having Google Sign-In right? So, instead you can store email (which is always unique) of their linked account (such as Google, Facebook, or etc). Basically you've done this part, so all should be good!
Rather than storing and re-using Google Id Token (which might changes every time you sign in), you can verify the userIdToken in your backend server. Google provides helper to do this. See documentation
You can use Firebase Authentication. Along with FirebaseUI, it can help you a lot in authenticating your users. Read more
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.