dev-resources.site

Google identity Platform

Published at
10/4/2024
Categories
googlecloud
identity
oauth
devops
Author
mohamed_rasvi_9f19a0ec9c9

In this post I would like to explain how Google Identity Platform works in a simple manner.

Most of the time, Google Identity Platform works as a proxy in front of the identity providers you configure. Google Identity Platform is a little different from Azure ID, where you can create your own SAML and OIDC identity providers.

For user authentication in this article, we will use Google as the federated identity provider.

The user flow in detail:

  1. The user accesses the web application.
  2. The application checks whether the user is logged in.
  3. If the user is not authenticated, the application redirects to the federated identity provider: Google.
  4. Once the user is authenticated successfully, the user is redirected to the /__/auth/handler endpoint; this service is hosted by Google.
  5. The /__/auth/handler service redirects back to the application.

We need to understand the 5 main concepts behind Google Identity Platform.

  1. Authentication
  2. Users
  3. Admin Auth API
  4. Multi-tenancy
  5. Differences between Identity Platform and Firebase Authentication

I will explain only the most important concept in this post, to keep the article short and simple.

Authentication
Identity Platform allows users to authenticate to your apps and services, like multi-tenant SaaS apps, mobile/web apps, games, APIs and more. Identity Platform provides secure, easy-to-use authentication if you're building a service on Google Cloud, on your own backend or on another platform.

How does it work?
To sign a user into your app, you first get authentication credentials from the user. These credentials can be the user's email address and password, a SAML assertion, or an OAuth token from a federated identity provider.
In the case of federated identity providers, the providers return those tokens to Identity Platform's authentication handler on the /__/auth/handler endpoint. This service is hosted by Google, so you don't have to receive and validate the authentication artifact. After the tokens are received, our backend services will verify them and return a response to the client.
After a successful sign in, you can access the user's basic profile information, and you can control the user's access to data stored in Google Cloud or other products. You can also use the provided authentication token to verify the identity of users in your own backend services.
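An added example, not from the original post or from Google's SDK: the checks a backend applies to an Identity Platform ID token (an RS256-signed JWT) before trusting it, run here against a locally signed, constructed token. The project ID `my-project`, the key ID `test-kid`, the local key pair and the helper names are assumptions; in production the Admin SDK's `verifyIdToken` performs these checks against Google's published signing keys.

```javascript
// Added example: backend checks on an Identity Platform ID token (RS256 JWT).
// PROJECT_ID, the "test-kid" key ID and the local key pair are constructed.
const crypto = require("node:crypto");

const PROJECT_ID = "my-project"; // hypothetical project ID
const b64url = (s) => Buffer.from(s).toString("base64url");
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

function verifyIdToken(token, publicKeys, projectId, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;
  const header = decode(h);
  // Pin the algorithm: the token header must not choose how it is verified.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const key = publicKeys.get(header.kid);
  if (!key) throw new Error("unknown kid");
  const ok = crypto.verify("sha256", Buffer.from(`${h}.${p}`), key, Buffer.from(sig, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = decode(p); // read claims only after the signature checks out
  if (claims.iss !== `https://securetoken.google.com/${projectId}`) throw new Error("wrong issuer");
  if (claims.aud !== projectId) throw new Error("wrong audience");
  if (!(claims.exp > now)) throw new Error("expired");
  if (!(claims.iat <= now)) throw new Error("issued in the future");
  if (typeof claims.sub !== "string" || !claims.sub) throw new Error("missing sub");
  return claims;
}

// Constructed fixture: a local RSA key pair stands in for Google's signing keys.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const KEYS = new Map([["test-kid", publicKey]]);

function mintToken(claims, header = { alg: "RS256", kid: "test-kid", typ: "JWT" }, key = privateKey) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("sha256", Buffer.from(input), key).toString("base64url")}`;
}

function sampleClaims(projectId, now = Math.floor(Date.now() / 1000)) {
  return { iss: `https://securetoken.google.com/${projectId}`, aud: projectId,
           sub: "uid-123", iat: now - 10, exp: now + 3600 };
}

// Returns the verified user ID, or the reason the token was rejected.
function check(token) {
  try { return verifyIdToken(token, KEYS, PROJECT_ID).sub; } catch (e) { return e.message; }
}

console.log(check(mintToken(sampleClaims(PROJECT_ID))));      // "uid-123"
console.log(check(mintToken(sampleClaims("other-project")))); // "wrong issuer"
```

A token issued for a different project fails the issuer and audience checks even though its signature is valid, which is why signature verification alone is not enough.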

You can read here to understand all of the above concepts.

Setting up a Google IdP on Google Identity Platform

  1. Go to Google Identity Platform.
  2. Click Add A Provider and select Google.
  3. Enter your Google Web Client ID and Web Secret. If you don't already have an ID and secret, you can obtain one from the APIs & Services page.
  4. Configure the URI listed under Configure Google as a valid OAuth redirect URI for your Google app. If you configured a custom domain in Identity Platform, update the redirect URI in your Google app configuration to use the custom domain instead of the default domain. For example, change https://myproject.firebaseapp.com/__/auth/handler to https://auth.myownpersonaldomain.com/__/auth/handler. This is where the Google Cloud documentation causes confusion. Most of the time we don't read the concepts, so we assume our application must have this callback URL, /__/auth/handler. We don't need it, because /__/auth/handler is hosted by Google; it is a Google-hosted backend service that does the magic, like creating the JWT, etc.
  5. Register your app's domains by clicking Add Domain under Authorized Domains. For development purposes, localhost is already enabled by default.

  6. Click Save.

I'm not going to show the entire code; I will just include an example code snippet.

```javascript
import { getAuth, signInWithRedirect, getRedirectResult, GoogleAuthProvider } from "firebase/auth";

const auth = getAuth();
const provider = new GoogleAuthProvider();

// Starts the sign-in flow by navigating away to the identity provider.
signInWithRedirect(auth, provider);

// Runs when the page loads again after the redirect back to the application.
getRedirectResult(auth)
  .then((result) => {
    // result is null when the page was not loaded as part of a redirect sign-in.
    if (!result) return;
    // This gives you a Google Access Token. You can use it to access Google APIs.
    const credential = GoogleAuthProvider.credentialFromResult(result);
    const token = credential.accessToken;
    // The signed-in user info.
    const user = result.user;
    // IdP data available using getAdditionalUserInfo(result)
    // ...
  }).catch((error) => {
    // Handle Errors here.
    const errorCode = error.code;
    const errorMessage = error.message;
    // The email of the user's account used (not present on every error).
    const email = error.customData?.email;
    // The AuthCredential type that was used.
    const credential = GoogleAuthProvider.credentialFromError(error);
    // ...
  });
```

Signing in users with the Client SDK

Let me know if you want to dive deep into the Google identity platform.

For example, integration with gateways like Kong.
