How to authenticate Android Google sign in with Node server

Question

I am trying to implement Google account sign in on my Android app and authenticate it in my Node server.

I followed this tutorial to successfully implement the Google sign in button on Android, but know i don't get it how to authenticate on my back end.

From this documentation i assumed that i need to get and send the getIdToken() or getServerAuthCode() but i am not sure which one should i send, so voted to send the getServerAuthCode().

On my Node server part, i installed this library and used this method:

var google = require('googleapis'); 
var plus = google.plus('v1'); 
var OAuth2 = google.auth.OAuth2; 
var oauth2Client = new OAuth2(CLIENT_ID, CLIENT_SECRET, REDIRECT_URL);

// Retrieve tokens via token exchange explained above or set them:
oauth2Client.setCredentials({   
  access_token: 'ACCESS TOKEN HERE',  
  refresh_token: 'REFRESH TOKEN HERE' 
});

plus.people.get({ 
userId: 'me', 
auth: oauth2Client }, 
function(err,response) {   // handle err and response });

I thought this was the correct method, but then i found this and i realized that the data returned by getServerAuthCode() needed to be exchanged for the real access token in order to get the information from the user.

My questions are:

1) Which data should i send from Android to Node? (On Node i get some basic information like email and user name).

2) If i am sending the right data, is the library i am using for Node is the right one? If i am not sending the right data, which library do you recommend me to validate the getIdToken().

3) On Node, How should i exchange the data from getServerAuthCode() to get the right access and refresh token?

Any other information about how to authenticate and examples are welcome.

Thank you.

Answer 1

This might be the solution you are looking for. https://developers.google.com/identity/sign-in/android/backend-auth

This allows you to send the ID back to your server using HTTPS. Then, on the server, verify the integrity of the ID token and use the user information contained in the token to establish a session or create a new account..