Google Sign-In for Websites: API: How do keep signed in session from page to page?

original source : http://stackoverflow.com/questions/34810810/google-sign-in-for-websites-api-how-do-keep-signed-in-session-from-page-to-pag

If you follow the steps here, it will lead you through it.

Basically it looks like you have a few steps:

1) Once the user signs in, POST their token info to your server backend.

2) From your server backend, write code that will GET the token info to Google’s tokeninfo endpoint: https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=

3) Compare that token info with the token you just POSTed in step 1.

Basically, it’s just a way to verify that someone didn’t just write some code to post a arbitrary token to your sever to get authenticated. It’s a way to check to see if this user actually signed in through Google.

4) To use that info on another page you could store the token as a cookie. On each request, you can find out if that user is still authenticated by checking the expiration on the token. Once it is expired, remove the cookie and force the user to log back in. You could also store it in whatever session object that you have on the server’s backend as well.

Google Sign-In for Websites: API: How do keep signed in session from page to page?

Share this:

Post Navigation