node.js react-native expo google-signin expo-auth-session

What should be the correct approach for google login with react-native?


I am trying to create an Expo app that should have Google login with a Node.js server. I am kind of missing how to handle the project structure / system design for it.

My current flow is: the user presses Google login in the app, and app. And I am using this library for it.

import * as Google from "expo-auth-session/providers/google";

const [request, response, promptAsync] = Google.useAuthRequest({
  androidClientId: "xxxxx.apps.googleusercontent.com",
  iosClientId: "xxxxx.apps.googleusercontent.com",
});

Using this piece of code I am getting the user's information in the app, but till this moment my Node.js server is not doing anything.

Calling https://www.googleapis.com/userinfo/v2/me I can get the user data on the mobile app. But I think that is kind of a security vulnerability. Am I missing something about how to handle this login flow?


Solution

  • After successful login in the mobile application:

    1. Send the ID token to the server
    2. Verify the ID token
    3. Create an account or session or whatever the use case requires

    See Authenticate with a backend server for details.
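
What step 2 has to check on the Node.js server, as an added example that is not part of the original answer: signature, issuer, audience and expiry of the ID token, using only Node's built-in crypto. The function names, the client ID and the locally generated key pair (standing in for Google's published signing keys) are constructed for the demo; a real server would use Google's keys, typically through a maintained library such as google-auth-library.

```javascript
const crypto = require("node:crypto");

const GOOGLE_ISSUERS = ["accounts.google.com", "https://accounts.google.com"];
const b64urlJson = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// keysByKid: Map of key id -> public KeyObject (in production: Google's signing keys).
// allowedClientIds: the OAuth client IDs of your own apps (Android, iOS, ...).
function verifyIdToken(token, keysByKid, allowedClientIds, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;
  const header = b64urlJson(h);
  if (header.alg !== "RS256") throw new Error("unexpected alg"); // pin the algorithm
  const key = keysByKid.get(header.kid);
  if (!key) throw new Error("unknown key id");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(sig, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = b64urlJson(p); // only trusted after the signature check above
  if (!GOOGLE_ISSUERS.includes(claims.iss)) throw new Error("wrong issuer");
  if (!allowedClientIds.includes(claims.aud)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return { userId: claims.sub, email: claims.email }; // key the account on sub, not email
}

// --- Constructed demo data: nothing below comes from Google or the original post ---
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const DEMO_CLIENT_ID = "demo-client.apps.googleusercontent.com"; // placeholder
const DEMO_KEYS = new Map([["demo-kid", publicKey]]);
const NOW = 1700000000; // fixed clock so the demo is deterministic
const goodClaims = { iss: "https://accounts.google.com", aud: DEMO_CLIENT_ID,
  sub: "1234567890", email: "user@example.com", exp: NOW + 3600 };

const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
function makeDemoToken(claims, signingKey = privateKey) {
  const body = `${enc({ alg: "RS256", kid: "demo-kid", typ: "JWT" })}.${enc(claims)}`;
  return `${body}.${crypto.sign("RSA-SHA256", Buffer.from(body), signingKey).toString("base64url")}`;
}

// Returns the user id for an accepted token, or the rejection reason.
function check(token) {
  try { return verifyIdToken(token, DEMO_KEYS, [DEMO_CLIENT_ID], NOW).userId; }
  catch (e) { return `rejected: ${e.message}`; }
}

console.log(check(makeDemoToken(goodClaims)));
console.log(check(makeDemoToken({ ...goodClaims, aud: "other-app.apps.googleusercontent.com" })));
```

The audience check is what stops a token issued to a different app from being accepted by this backend; only after all checks pass does the server create the account or session from step 3.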