I'm building a React app that uses a Rails backend.
I'm using Google Sign-in, and doing most of the work on the client side, and have the flow working up to successfully logging in and obtaining an access token on the client.
I want to perform this step, authenticating the token on the server, because otherwise I'm simply trusting the client to assert the user's identity at this point. There are several examples here, but none of them in Ruby.
I'm aware I can simply fall back to using the tokeninfo
endpoint (https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=foo), but would view this as a last resort.
There are various examples out there of Ruby OAuth2 flows involving Google sign-in, but what I'm looking for is the basic step of simply validating an access token on the server, given a client ID and Google's public keys (I believe this is the appropriate data).
Well, it appeared that this genuinely didn't exist, so I wrote it myself.
Using the Python and Node.js implementations as a guide, I've authored a Ruby gem for this task.
https://github.com/hamza/google-auth-token-validator-ruby
It's brand new, so I welcome bug reports, feature requests and PRs.
Let me know if this helps anyone.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With