First step in creating my new suite of React frontend applications is to make a simple authentication server/service, in Go preferably, where users can authenticate with their Google account, which will either result in:
- creation of a new user in the database
- login if a matching user is found in the db (how to determine a match without a password?)
I realize that I will get a JWT from the Auth server/service with the usual claims such as:
{
"iss":"accounts.google.com",
"at_hash":"HK6E_P6Dh8Y93mRNtsDB1Q",
"email_verified":"true",
"sub":"10769150350006150715113082367",
"azp":"1234987819200.apps.googleusercontent.com",
"email":"jsmith@example.com",
"aud":"1234987819200.apps.googleusercontent.com",
"iat":1353601026,
"exp":1353604926,
"nonce": "0394852-3190485-2490358",
"hd":"example.com"
}
So far so good, but after that I'm not really sure what fields I need to store for the user "table" (using a dgraph db, but I guess it doesn't matter if it's a relational or graph db) in the database other than the email, which, to my understanding, will be the identifier pairing the user in the db with the JWT?
How do you handle integration with your own database:
- The first time a user authenticates with Google through the auth server/service, a user is created in the db
- Subsequent times a user authenticates with Google through the same auth server/service and logs in (already exists in the db, but how to verify this in a safe way? Couldn't others just make a false token with the same email?)
Do you store the token in the user table along with the email? In that case what to do if the token expires/changes and what about security?
So the question is not about how to get a token, it's about how to connect the user in the db with the JWT user that just got authenticated.
Most tutorials and articles I've read do not describe the database part in much detail.
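Added example (not from the question or from any answer): a Go sketch of the two steps asked about, assuming Google's RS256 public key is handed to VerifyIDToken (a real server fetches it by the token's kid from Google's JWKS endpoint) and an in-memory map standing in for the user table; the user row is keyed by the token's sub claim rather than the email, and the token itself is never stored.

```go
package main
import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
// Claims: the ID-token fields checked and stored (json matches names case-insensitively).
type Claims struct {
	Iss, Sub, Aud, Email string
	Exp                  int64
}
// VerifyIDToken is why a token forged with a real user's email gets nowhere: the RS256
// signature is checked against Google's key (pub), then issuer, audience and expiry.
func VerifyIDToken(tok, clientID string, pub *rsa.PublicKey, now int64) (*Claims, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed token")
	}
	sig, _ := base64.RawURLEncoding.DecodeString(p[2]) // an undecodable sig fails verify
	h := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	body, _ := base64.RawURLEncoding.DecodeString(p[1]) // integrity established above
	c := &Claims{}
	if err := json.Unmarshal(body, c); err != nil {
		return nil, err
	}
	if (c.Iss != "accounts.google.com" && c.Iss != "https://accounts.google.com") ||
		c.Aud != clientID || now >= c.Exp {
		return nil, errors.New("issuer, audience or expiry check failed")
	}
	return c, nil
}
// User is the stored row: sub (Google's stable account id) pairs it with the token; email may change.
type User struct{ Sub, Email string }
type Users map[string]*User // stands in for the real user table (assumption)
// FindOrCreate runs only on claims VerifyIDToken accepted: first visit creates, later ones find by sub.
func (db Users) FindOrCreate(c *Claims) (*User, bool) {
	if u, ok := db[c.Sub]; ok {
		u.Email = c.Email
		return u, false
	}
	db[c.Sub] = &User{c.Sub, c.Email}
	return db[c.Sub], true
}
```

Storing nothing from the JWT means its expiry or Google rotating its signing keys changes nothing in the user table; the next sign-in is just another verified token carrying the same sub.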