oauth - Caching Google JWT -


i have mobile app communicates server. authentication in mobile app, i'm using sign in google. sign in returns accesstoken send server , verify using google-auth-library suggested here: https://developers.google.com/identity/sign-in/web/backend-auth

import googleauth 'google-auth-library' const auth = new googleauth() const client = new auth.oauth2(myclientid, '', '')  apiroutes.use((req, res, next) => {     // token request     const token = req.token      if (token) {         // verify secret google         client.verifyidtoken(token, myclientid, (err, payload) =>             // proceed user authenticated             ... 

is necessary make call every request user makes? practice sort of caching? or have own implementation of jwt on server includes google payload?

no, server should creates account user once validates access token, saving google id in database along other user details (id, email, name etc), , returns access token mobile application.

once latter (usually stored locally) expires, can refreshed without prompting user permission.


Comments

Popular posts from this blog

networking - Vagrant-provisioned VirtualBox VM is not reachable from Ubuntu host -

c# - ASP.NET Core - There is already an object named 'AspNetRoles' in the database -

ruby on rails - ArgumentError: Missing host to link to! Please provide the :host parameter, set default_url_options[:host], or set :only_path to true -