Google + Authentication without Passport.js

I can't understand the standard flow of authentication and authorization of Google + without using Passport.

Requirement:

  1. No passport.js (I know it is simple to use it, but I don't want to use it)
  2. No sessions (I will not be using any session; I want to maintain statelessness)

Current architecture:

  • I have a REST API server with JWT (JSON Web Token)
  • the user gets an access token from my server when they do a POST /login
  • my server will check the username and password and return an access token
  • this token is needed for future API queries to my server

Question:

i) how can I replace my current authentication with Google + ?

ii) When I log in using the Google + button, I get an access token on my client side. Do I send the token back to my server?

iii) But my server has no information about this user. Do I need to first create this user on my server, and when it sends an access token to my server, I check if this user is valid and return my server access token? (So this user will not have password information in my server database? And will this access token from Google be stored on my server?)

iv) I read their doc https://developers.google.com/+/web/signin/server-side-flow; they are using sessions when the user first visits the page. I don't want to use sessions.

I want to know the general flow; the code I could implement myself. I just want to know the common architecture to solve this problem!

It would be great, if you could show me the general concept to deal with this! :)

This is the most recommended way to implement Google+ sign in

Google Hybrid server side signin procedure

To sum it up, there are 2 parts:

  1. Retrieve the auth token from Google
  2. Send the Google auth token to exchange for another token from your server

1) To retrieve the auth token from Google, you could use their available SDKs

2) Once you got the auth token from Google, send it back from your client to your server again

3) In your server, exchange the auth token from Google for their access token to allow you to use the Google API on behalf of the user. You could retrieve user information, post Google+ posts, etc.

4) Generate your own server access token and send it back to the client

5) In your client, save your server-generated access token to be used for CRUD requests to your server