I have a mobile app that I’m working on that uses oauth to authenticate through Google. It receives an id_token from Google that I’d like to send to a Phoenix API for validation. Let’s say the endpoint is
/mobile-api. How could the back end verify with Google that the mobile app and id_token are valid?
I tried to use Joken, but the documentation was too hard for someone new to Elixir and Phoenix (such as myself) to understand. The same goes for Jose.
Any help on how to get either of those or another alternative working would be greatly appreciated!
take a look at this Elixir learning: An Ueberauth Oauth 2 Walkthrough
basically you are doing oauth - try and get it working in the normal browser, and then do the mobile app…
Thank you for the reply! We’re currently using Ueberauth to authenticate users with our web app on our Phoenix front end. However, we need to create an iOS app that can work with the same back end.
ahh I see…
think you can use this to check the token:
# userinfo_endpoint from https://accounts.google.com/.well-known/openid-configuration
path = "https://www.googleapis.com/oauth2/v3/userinfo"
resp = Ueberauth.Strategy.Google.OAuth.get(token, path)
and then go from there…