Google login provider authentication flow
Unanswered
Indian oil sardine posted this in #help-forum
Indian oil sardine OP
Hi, I am trying to implement Google login with nextauth, I have managed to implement the credential provider successfully, but I am confused about the flow for the Google provider.
This is my general understanding of the flow:
Frontend > login with google > Get ID token + access token from google > call backend authentication API [ ID token + access token ]
Backend > verify [ ID token + access token ] from google > authentication successful > store provider_account_id, refresh_token and access_token to Database
Is that correct? Google search said I need to authenticate in the backend again with passport-google-oauth20
1 Reply
Chum salmon
Not sure about Nextauth
But in Supabase it's like this:
- Trigger OAuth Login with signInWithGoogle(). Supabase redirects to Google login page
- Handle Redirect from Google (e.g. /auth/callback). This includes exchangeCodeForSession(code) to set Supabase cookies (access_token, refresh_token and expires_in)
- Update session on every request via middleware
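
The "Backend > verify ID token" step from the question, as an added example that is not part of the thread and is not NextAuth or Supabase code: it checks an RS256 ID token's signature, then its issuer, audience and expiry. The names `verifyIdToken`, `signTestToken`, `KEYS` and `CLIENT_ID` are hypothetical, the key pair is generated locally as a stand-in for Google's published signing keys so the block runs offline, and access-token handling is not covered.

```javascript
const nodeCrypto = require("node:crypto");

const GOOGLE_ISSUERS = ["https://accounts.google.com", "accounts.google.com"];
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const decode = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// Verify an RS256 ID token: signature first, then issuer, audience, expiry.
// `keys` is a Map of kid -> public key (in production, the issuer's published keys).
function verifyIdToken(token, keys, clientId, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = decode(h);
  // Pin the algorithm; never let the token choose how it is verified.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const key = keys.get(header.kid);
  if (!key) throw new Error("unknown kid");
  const sigOk = nodeCrypto.verify(
    "RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!sigOk) throw new Error("bad signature");
  const claims = decode(p);
  if (!GOOGLE_ISSUERS.includes(claims.iss)) throw new Error("wrong issuer");
  // aud must be this app's client ID, or a token minted for another app is accepted.
  if (claims.aud !== clientId) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims; // claims.sub: stable account id (assumed mapping to provider_account_id)
}

// Constructed fixture: a locally generated key pair stands in for Google's keys.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const KEYS = new Map([["test-kid", publicKey]]);
function signTestToken(claims) {
  const input = `${b64url({ alg: "RS256", kid: "test-kid" })}.${b64url(claims)}`;
  const sig = nodeCrypto.sign("RSA-SHA256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

const CLIENT_ID = "constructed-client-id.apps.googleusercontent.com"; // placeholder
const demo = signTestToken({
  iss: "https://accounts.google.com", aud: CLIENT_ID, sub: "1234567890",
  exp: Math.floor(Date.now() / 1000) + 3600,
});
console.log(verifyIdToken(demo, KEYS, CLIENT_ID).sub);
```

In a real backend the same checks are available from Google's `google-auth-library` package through `OAuth2Client.verifyIdToken`, which also fetches and caches the signing keys.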