gsf
commented
9 years ago Because a reliance on Google for authentication may strike some programmers and others in the community as odd, we'll handle it locally. This will also give us more flexibility in our implementation.
Rely on Google for authentication, requiring a Google ID Token (preferably in the header) for each request that demands authorization. Validate it according to https://developers.google.com/accounts/docs/OAuth2Login#validatinganidtoken, then use the email address to determine the user.
See if https://github.com/gmelika/google-id-token will work. Otherwise, assess the following for a port: https://github.com/google/google-api-php-client/blob/master/src/Google/Auth/OAuth2.php#L440