java - Login Web API using Angular 7/8 + Social Login(GoogleApi) + angularx-social-login + Spring boot + JWT

问题描述

I have small application using angular8 + spring boot where i want to make my website more secure and user friendly. Application flow -> Angular8 -> Spring boot/java 11 -> DB (postgresql) To enhance my application, I want to enable social signin on my login page but before proceeding further I found some security concern e.g.

• I am trying to enable social sign-in to avoid signup on my website but I found that gapi only provides email, photo and name. How can I get mobile number?
• what is the right way to navigate to dashboard/welcome page on successful google api authentication?
• Should i use token provided by GAPI or i should get my own JWT?
• Should i re-verify google token on backend layer (spring boot)?
• What is best practice to handle session/state on social sign-in.
• Should i validate id token or access token on microservice/spring-boot layer
• How to keep signin with google api validation if user sign-in just before.

Below information return when we do signin with google:

Request url:https://accounts.google.com/o/oauth2/iframerpc

Response:

    token_type: "Bearer"
    access_token: "some token"
    scope: "email profile openid https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"
    login_hint: "some hint"
    expires_in: 3599
    id_token: "some token"
    session_state: {extraQueryParams: {authuser: "0"}}
    extraQueryParams: {authuser: "0"}

标签： javaangularspring-bootgoogle-api