
How to verify a token received from chrome.identity.getAuthToken() in the backend?


I am writing a Chrome extension that needs to verify user identity using Google so the user can sign in.

According to Google's docs, I should use chrome.identity.getAuthToken(). Login works successfully and I get a single string in return.

However, this function only returns a token for later use through the Google API. I need to verify it in the backend in order to register the user in my backend DB and rely on their identity (which is why I can't rely on any verification happening in the front-end).

How should I do that? All examples I could find use different authentication methods, not chrome.identity.getAuthToken().


Solution

  • Send a request to:

    https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=<TOKEN>

    The server returns HTTP 200 if the token is valid and 400 if not. If it's valid, the response also contains details about the user.
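
The check described in the answer, written as backend code (an added example, not part of the original answer). The response field names (`audience`, `user_id`, `expires_in`, `email`, `verified_email`) and the comparison against `expected_client_id` (the extension's own OAuth client ID) are assumptions about the v1 tokeninfo response; the page itself only says the response contains details about the user.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKENINFO_URL = "https://www.googleapis.com/oauth2/v1/tokeninfo"  # endpoint from the answer


class TokenRejected(Exception):
    """The token must not be trusted for sign-in."""


def http_get(url):
    """Return (status, body) for a GET; HTTP error statuses are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def verify_access_token(token, expected_client_id, fetch=http_get):
    """Validate a getAuthToken() token server-side; return the Google user id and email."""
    url = TOKENINFO_URL + "?" + urllib.parse.urlencode({"access_token": token})
    status, body = fetch(url)
    if status != 200:  # 400 means the token is invalid or expired
        raise TokenRejected("tokeninfo returned HTTP %d" % status)
    info = json.loads(body)
    # Assumed field: "audience" names the OAuth client the token was minted for.
    # A valid token issued to some other client must not sign anyone in here.
    if info.get("audience") != expected_client_id:
        raise TokenRejected("token was issued to another client")
    if int(info.get("expires_in", 0)) <= 0:
        raise TokenRejected("token expired")
    if not info.get("user_id"):
        raise TokenRejected("no user id in response")
    # Only keep the email if Google reports it as verified (assumed field).
    email = info.get("email") if info.get("verified_email") else None
    # Key the DB record on user_id, the stable identifier, not on the email.
    return {"user_id": info["user_id"], "email": email}
```

The `fetch` parameter exists so the function can be exercised with constructed responses; in production the default `http_get` performs the real request.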