java - Login Web API using Angular 7/8 + Social Login(GoogleApi) + angularx-social-login + Spring boot + JWT
问题描述
I have small application using angular8 + spring boot where i want to make my website more secure and user friendly. Application flow -> Angular8 -> Spring boot/java 11 -> DB (postgresql) To enhance my application, I want to enable social signin on my login page but before proceeding further I found some security concern e.g.
- I am trying to enable social sign-in to avoid signup on my website but I found that gapi only provides email, photo and name. How can I get mobile number?
- what is the right way to navigate to dashboard/welcome page on successful google api authentication?
- Should i use token provided by GAPI or i should get my own JWT?
- Should i re-verify google token on backend layer (spring boot)?
- What is best practice to handle session/state on social sign-in.
- Should i validate id token or access token on microservice/spring-boot layer
- How to keep signin with google api validation if user sign-in just before.
Below information return when we do signin with google:
Request url:https://accounts.google.com/o/oauth2/iframerpc
Response:
token_type: "Bearer"
access_token: "some token"
scope: "email profile openid https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"
login_hint: "some hint"
expires_in: 3599
id_token: "some token"
session_state: {extraQueryParams: {authuser: "0"}}
extraQueryParams: {authuser: "0"}
解决方案
推荐阅读
- php - Laravel5.6 phpexcel包安装报错
- python - 清理python中的列
- sql-server - 如何在 Angular 6 中使用 Sql 服务器连接?
- python - Python从列表中删除常用词
- jquery - 主干视图中的多个 jQuery 对象
- vue.js - 是否有可能让哪个组件调用一些动作 Vuex?
- sql - SQL Server 2014 无法连接
- html - 如何使用 CSS 显示时间线
- angularjs - 比较两个 API 调用的结果并在 MEAN 应用程序中返回它们的差异
- javascript - 基于键如何从 JavaScript 中的数组中过滤?