Issue
How would I implement login only with Google OAuth. I do not want to store passwords and sensitive information (I would store email, name and profile photo ONLY) in my apps database (PostgreSQL).
Only specific people will have access to app, and I want them to login using google and that it checks if user has access.
I use Spring Boot for backend REST API, Angular for frontend, AWS for file storage and database and Gradle as build tool.
I watched some videos on youtube and read some articles on authentification in general but they weren't helpfull because they were not for my use case and used other tech stacks.
Solution
Email, name and profile photo are all OpenID data. It is very likely that you don't have to store this in your own database (and save the burden of data synch when a user updates his Google profile). Saving user "subject" (sub
claim which is immutable) should be enough.
Angular app should access OpenID data for currently authenticated user from ID token (not from your API). ID token is part of the response when authenticating with authorization-code flow (provided that openid
scope was requested, along with email
and profile
in your case).
Spring REST API should be able to query user data from Google API using client credentials flow.
Use angular-auth-oidc-client in your Angular app for users authentication, access & ID tokens acquisition and refreshing. This lib will also add access-token to all requests sent to configured routes: your resource-server will require it.
Configure your Spring REST API as a resource-server. Tutorials there and use a REST client ready for client credentials flow to query Google API if needed (@FeignClient
, RestTemplate
and WebClient
are widely used options with Spring)
Answered By - ch4mp
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.