0

I'm trying to implement Login and Registration to my React App with the Google API. I can't figure out the correct way to register a new user with the information that Google provides (the GoogleAuth Object).

After a successful login with the popup window, the GoogleAuth object (I will call it 'dict' from now on) gives me a lot of info, some of it I don't know what is exactly, there are some access tokens (that repeats over the dict) and the main info of the profile of the user (name, mail, googleID, etc),

I also notice that the "googleID" repeats over the dict but with different names (same as other info)(there is more info that relates to the tokens as "expiration", "first issued", etc but I believe I do not need that).

I'm guessing that the tokens are used to GET and POST info from and/or to Google Account (I kinda understand how JWT works).

So my questions are:

Can someone explain me what is all the info and why it is repeated in the dict? (for example the number in dict.El also appears in dict.profileObj.googleId and dict.w3.Eea and dict.googleId)

Since my registration method needs Name, Mail and Password, the main question is:

What should I put in the password field? The GoogleId? if so, is it secure? The Token? I think no because it expires right?

Thanks for your help

James Westgate
  • 10,385
  • 6
  • 56
  • 63
Okhan
  • 1
  • explain why you need password even though you are using Google for authentication. Instead of calling it "dict", why not call it id_token, because that's what it is. Its contents are described here https://developers.google.com/identity/protocols/OpenIDConnect#obtaininguserprofileinformation – pinoyyid Jan 16 '19 at 22:22
  • In my app I need to have an "author" for each "post". "Author" must be an user (Model user), so in order to accept a new user I must make a new instance of User model, this User model needs a name, an email and a password. Thats why I need to know what to put in the password field. Or should I make a new model "GoogleUser model" that doesn't require a password? – Okhan Jan 18 '19 at 00:40
  • it's entirely up to you, but I would think that if you want your users to have a password, then you should ask them for one. I hope you aren't thinking that Google/OAuth will provide your app with their Google password. – pinoyyid Jan 18 '19 at 04:15

0 Answers0