hv-ojha
commented
3 days ago It will be better if we trigger the Google SignIn from backend. Because that way we will be able to generate new token according to the login type. Also we will have full control over JWT creation as well as adding new data in coming future.
Also after signIn we can token in cookies and header for better authorization and authentication. You can take a reference from this diagram. We have tried some similar architecture in my past application.
Note: It is just for your reference, we can have customized implementation according to our business case.
Helpful URLs Google verify token
Google Auth using NodeJS backend
SAML is an authentication not authorization
Bluesparx
Problem
Currently, all protected routes rely on JWT verification for user authentication. It does not handle the scenario where a user signs up or logs in using Google (Firebase). As a result, users authenticated via Google can bypass the JWT verification or face issues accessing protected routes.
Solution: