To securely identify the signed-in user using a backend server:
userData.getUserId()
method.Send the ID token to the tokensignin
API on your backend server with an HTTPS POST request:
HttpClient httpClient = new DefaultHttpClient(); HttpPost httpPost = new HttpPost("https://yourbackend.example.com/tokensignin"); try { List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1); nameValuePairs.add(new BasicNameValuePair("idToken", idToken)); httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs)); HttpResponse response = httpClient.execute(httpPost); int statusCode = response.getStatusLine().getStatusCode(); final String responseBody = EntityUtils.toString(response.getEntity()); Log.i(TAG, "Signed in as: " + responseBody); } catch (ClientProtocolException e) { Log.e(TAG, "Error sending ID token to backend.", e); } catch (IOException e) { Log.e(TAG, "Error sending ID token to backend.", e); }
After you receive the ID token by HTTPS POST on your backend server, you must verify the integrity of the token using Verify Token API
import requests try: url = "https://now.gg/accounts/oauth2/v1/verify-token" payload={ "token_type": "id_token", "token": < id_token > , "client_id": < your_oauth_client_id > } headers = { 'Content-Type': 'application/json' } response = requests.request("POST", url, headers=headers, data=json.dumps(payload)) print(response.text) #token verified except: #token not verified pass
var axios = require('axios'); var config = { method: 'post', url: 'https://now.gg/accounts/oauth2/v1/verify-token', headers: { 'Content-Type': 'application/json' }, data: { "token_type": "id_token", "token": < id_token > , "client_id": < your_oauth_client_id > } }; axios(config) .then(function (response) { console.log(JSON.stringify(response.data)); }) .catch(function (error) { console.log(error); });
After you have verified the token, check if the user is already in your user database.
Note: When you detect a newly created user in your app and save this user in your database, you can get any additional profile information you require from the user.
Document Rev. 1.0