What I'm trying to achieve is to allow anyone to log in to the site, while only certain registered users with permission are allowed to launch the "Tap this button..." button.
The thing is, I'm very uncertain as to how to verify whether the user is logged in and has a legitimate token to access the button. Should I store the token in the client's browser and send it to the server when the button is pressed? Is that safe?
Should I be using PHP in this case?
My main page:
Javascript & AJAX:
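// Most recent Google ID token for the signed-in user. It is held in memory only
// (not persisted); `var` is kept so other scripts on the page can still read it.
var token;

/**
 * Google Sign-In success callback: registers the signed-in user with the backend.
 *
 * The ID token is now sent along with the profile fields, because the profile
 * values alone are plain client-supplied data that the server cannot authenticate.
 *
 * NOTE(review): php/verification.php is not shown here. It should verify the
 * posted `id_token` (signature, `aud` equal to this app's client ID, `iss`, `exp`)
 * and take the account ID from the verified `sub` claim, as described in the
 * backend-auth guide. The ID/Name/Email/Image_URL fields are kept for
 * compatibility only and must not drive authentication or permission decisions.
 * The permission check for the protected button likewise belongs on the server,
 * on every request, not in this script.
 *
 * @param {object} googleUser - The user object passed by the Google Sign-In library.
 * @returns {void}
 */
function onSignIn(googleUser) {
  const profile = googleUser.getBasicProfile();

  // ID tokens expire; read a fresh one from getAuthResponse() before each
  // privileged request rather than reusing a stale copy.
  token = googleUser.getAuthResponse().id_token;

  const form = {
    "id_token": token, // the only field the server can verify
    "ID": profile.getId(),
    "Name": profile.getName(),
    "Email": profile.getEmail(),
    "Image_URL": profile.getImageUrl(),
  };

  $.ajax({
    method: "POST",
    url: "php/verification.php", // register account and save to db.
    data: form,
    dataType: "json",
    success: function (data) {
      console.log(data.result);
    },
    // Surface failed or rejected verification instead of ignoring it.
    error: function (jqXHR, textStatus, errorThrown) {
      console.error("verification request failed:", textStatus, errorThrown);
    },
  });
}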
I also find the documentation unclear: https://developers.google.com/identity/sign-in/web/backend-auth
I would be very happy if anybody could enlighten me and clear up my frustration.