We have a Spring Boot web app which uses JWT-based authentication/authorisation. Now, we want to add OAuth2 support so that users can log in using their Google account. That would be easy to do using Spring Security.
However, the requirement is a bit different.
If the user wants to use the Google login functionality, he first needs to link their Google account. Basically, log in to our application using his/her credentials, and on their profile page link their Google account.
The flow would be something like the following:
POST /users/{userId}/accounts which will receive the token returned by Google
My question is, for step 4, what is the best practice for that? How can I use all the stuff that Spring Security is offering to achieve this?
Thank you in advance,
You have the authorization code and you exchange it for an access token, all over HTTPS and all in the backend.
There is no need to validate the access token (I don't think Spring Security even does this part for integration with Google) at your end.
This should be done by Google when you request its resource.
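The backend exchange this answer describes, as an added example that is not part of the original answer or of Spring Security: it builds the authorization-code request for Google's token endpoint with the JDK's HttpClient. The class name, code, client id, secret and redirect URI are constructed placeholders.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;

public class GoogleCodeExchange {
    // Google's OAuth 2.0 token endpoint; HTTPS only.
    static final URI TOKEN_ENDPOINT = URI.create("https://oauth2.googleapis.com/token");
    static String enc(String v) {
        return URLEncoder.encode(v, StandardCharsets.UTF_8);
    }

    // Form body for the authorization-code grant (RFC 6749, section 4.1.3).
    static String tokenRequestBody(String code, String clientId, String clientSecret, String redirectUri) {
        return String.join("&",
                "grant_type=authorization_code",
                "code=" + enc(code),
                "client_id=" + enc(clientId),
                "client_secret=" + enc(clientSecret),  // stays on the server
                "redirect_uri=" + enc(redirectUri));   // same value used to obtain the code
    }

    static HttpRequest tokenRequest(String body) {
        return HttpRequest.newBuilder(TOKEN_ENDPOINT)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();
    }

    // Sends the request; on success the JSON response carries access_token.
    static String exchange(HttpClient client, String body) throws Exception {
        HttpResponse<String> resp = client.send(tokenRequest(body), HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) {
            throw new IllegalStateException("token exchange failed: HTTP " + resp.statusCode());
        }
        return resp.body();
    }

    public static void main(String[] args) {
        // Constructed sample values; nothing is sent over the network here.
        String body = tokenRequestBody("4/sample-code", "sample-client-id",
                "sample-secret", "https://app.example.com/oauth2/callback");
        System.out.println("POST " + tokenRequest(body).uri());
        System.out.println(body.replaceAll("client_secret=[^&]*", "client_secret=<redacted>"));
    }
}
```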