I only want to authenticate the user access token which I get from javascript.
I am using spring rest service.
I have seen this: https://developers.google.com/identity/sign-in/web/server-side-flow However I am trying to find the exact code piece for facebook and google.
Does anyone have any code snippet to share or direct any github. Including the dependencies also because those also creates some conflicts.
If somebody finds this access token from their personal facebook login structure of different app (lets say 3rd party website has facebook login also) and uses the same token to enter my service (sending that token from that 3rd party service to my service api) can I do something to verify that this user access token is actually received from my own login system? because with these 2 http gets there are no secret api key or anything. Thanks
For example from this googleapis html
audience "1058748273114-6srsjvvag80n2kk6mc3v6fv2i3jdlm.apps.googleusercontent.com"
shows the exact app id information. This way I can validate that this id is matching my own personal apps id. This way I can verify for google at least
https://graph.facebook.com/v2.10/me?fields=id%2Cname&access_token= is also good to check as well With the previous link also I can check my api data and with this url I can check the person. 2 service call is needed.