Ad

How Do I Design Google OAuth2 Workflow

I have a Backend (Spring) and a Frontend Flutter App. I want to implement an OAuth2 flow. What is the right way to implement this. My first service to implement will be google, but i want to keep it general, so i can implement other services like Microsoft.

I've tried a workflow where the authentication is done by the server (app requests oauth login to server -> redirecting with clientIds etc -> client authenticates -> redirect to server and validating -> returning login information to client) Is this the right way? E.g. Google doesn't want you to use the built-in-app webView widget...

I've also tried a split way, that the first request to google OAuth servers is done in the app obtaining the authCode and the server requesting the necessary information. But this doesn't work for me. I'll get different error types each time.

I'm really stuck at this for a long time and didn't find a general solution...

Ad

Answer

Ok, I found out, that the best and recommended way is too use GoogleTokenVerifier on the backend to authenticate and check the accessToken of the oauth request. Microsofts is recommending the same way:

https://docs.microsoft.com/de-de/azure/active-directory/develop/access-tokens#validating-tokens

https://www.youtube.com/watch?v=j_31hJtWjlw

Ad
source: stackoverflow.com
Ad