Authorizing a Mobile App

I have a mobile app that I’m working on that uses OAuth to authenticate through Google. It receives an id_token from Google that I’d like to send to a Phoenix API for validation. Let’s say the endpoint is /mobile-api. How could the back end verify with Google that the mobile app and id_token are valid?

I tried to use Joken, but the documentation was too hard for someone new to Elixir and Phoenix (such as myself) to understand. The same goes for Jose.

Any help on how to get either of those or another alternative working would be greatly appreciated!

4 Likes

take a look at this Elixir learning: An Ueberauth Oauth 2 Walkthrough

basically you are doing OAuth - try and get it working in the normal browser, and then do the mobile app…

2 Likes

Thank you for the reply! We’re currently using Ueberauth to authenticate users with our web app on our Phoenix front end. However, we need to create an iOS app that can work with the same back end.

ahh I see…

think you can use this to check the token:

    # userinfo_endpoint from https://accounts.google.com/.well-known/openid-configuration
    path = "https://www.googleapis.com/oauth2/v3/userinfo"
    resp = Ueberauth.Strategy.Google.OAuth.get(token, path)

and then go from there…

1 Like
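
Added example, not part of the thread and not code from Ueberauth, Joken or JOSE: one way the `/mobile-api` back end could validate the id_token locally with the `jose` package, checking the RS256 signature against Google's published keys and then the `iss`, `aud` and `exp` claims. The module name `GoogleIdToken` and its arguments are hypothetical; it assumes the caller has already fetched and cached the JSON key set from the `jwks_uri` listed in the openid-configuration document mentioned above.

```elixir
defmodule GoogleIdToken do
  # Hypothetical module (added example). Requires the :jose dependency.
  @issuers ["https://accounts.google.com", "accounts.google.com"]

  # jwks:       decoded JSON map (%{"keys" => [...]}) from Google's jwks_uri
  # client_ids: OAuth client IDs of your own apps (here, the iOS client ID)
  def verify(id_token, jwks, client_ids, now \\ System.system_time(:second)) do
    with {:ok, kid} <- peek_kid(id_token),
         {:ok, key} <- find_key(jwks, kid),
         {:ok, claims} <- check_signature(key, id_token),
         :ok <- check_claims(claims, client_ids, now) do
      {:ok, claims}
    end
  end

  # The header is read only to pick the key; nothing in it is trusted yet.
  defp peek_kid(token) do
    case JOSE.JWT.peek_protected(token) do
      %JOSE.JWS{fields: %{"kid" => kid}} -> {:ok, kid}
      _ -> {:error, :missing_kid}
    end
  rescue
    _ -> {:error, :malformed_token}
  end

  defp find_key(%{"keys" => keys}, kid) do
    case Enum.find(keys, &(&1["kid"] == kid)) do
      nil -> {:error, :unknown_kid}
      key -> {:ok, JOSE.JWK.from_map(key)}
    end
  end

  # verify_strict pins the algorithm, so the token cannot select "none" or HS256.
  defp check_signature(jwk, token) do
    case JOSE.JWT.verify_strict(jwk, ["RS256"], token) do
      {true, %JOSE.JWT{fields: claims}, _jws} -> {:ok, claims}
      _ -> {:error, :bad_signature}
    end
  rescue
    _ -> {:error, :bad_signature}
  end

  # aud ties the token to your app: a token issued to another client is rejected.
  defp check_claims(claims, client_ids, now) do
    cond do
      claims["iss"] not in @issuers -> {:error, :bad_issuer}
      claims["aud"] not in client_ids -> {:error, :wrong_audience}
      not is_integer(claims["exp"]) or claims["exp"] <= now -> {:error, :expired}
      true -> :ok
    end
  end
end
```

A controller for `/mobile-api` would call `GoogleIdToken.verify/3` with the token from the request and treat anything other than `{:ok, claims}` as unauthenticated; the `sub` claim is the stable Google user identifier to key accounts on.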