@dtinth/google-sign-in-controller

Sometimes you build yourself a web application. You have the frontend and the backend. You don’t want other people to be able to access your backend, so you must protect it somehow.

This library provides a simple way to protect your backend with Google Sign-In.

On the frontend, use this library to authenticate user and get an ID token. Send this ID token to the backend.
On the backend, verify the ID token’s integrity to authenticate yourself. See Verify the integrity of the ID token on Google Sign-In for Websites documentation. Validate the sub claim to make sure it’s you. Here’s an example in the wild.

This library is a thin wrapper on top of Google Sign-In. It takes care of asynchronously loading the Google Platform Library and the Google Sign-In JavaScript API, and provides simple hooks to access the user ID token.

Set up

To create an OAuth 2.0 Client ID:

Click on Create Credentials OAuth Client ID.
Select Application type Web application.
Enter a name for the application.
In the Authorized JavaScript origins field, add an origin.
Click Create
Note the Client ID.

Usage

export const signInController = new GoogleSignInController(clientId)

For usage see API documentation.