0
votes

I'm creating a mobile app which uses the

  • google login (OAuth) for Authentication
  • it has a backend exposed as Node JS api

Now, I'm trying to create an Authenticated API based upon the google login. So, only the logged in user (through gmail), will be able to call the api.

  • Now, I'm not sure how I get the JWT token from gmail and pass it to the api as a bearer token?

  • Also, how would my server verify the JWT token without knowing the secret password? Would my server in turn have to call the gmail server for token verification?

I'm not sure if this is a standard approach? I searched over the internet but couldn't find this kind of scenario. Any help is much appreciated.

2 Answers

1
votes

Have a look at the following resources, which guide you through implementing server-side authorization:

Node.js Quickstart

Implementing Server-Side Authorization
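
Added example, not part of the answer above or of Google's code: Google ID tokens are signed with RS256, so the API server verifies them with Google's published public keys and never holds a secret. The key pair, `CLIENT_ID`, `test-kid` and the helper names below are constructed stand-ins so the sketch runs offline; in production the keys come from Google's JWKS endpoint, or `OAuth2Client.verifyIdToken` from `google-auth-library` does the whole check.

```javascript
// Added example: verifying an RS256 ID token with public keys only.
const { generateKeyPairSync, createSign, createVerify } = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const ISSUERS = ["accounts.google.com", "https://accounts.google.com"];

// publicKeys: Map of kid -> public key. No shared secret is involved.
function verifyIdToken(token, publicKeys, audience, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  // Pin the algorithm: the token must not be able to choose "none" or HS256.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const key = publicKeys.get(header.kid);
  if (!key) throw new Error("unknown kid");
  const ok = createVerify("RSA-SHA256")
    .update(`${h}.${p}`)
    .verify(key, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  // Claims are trusted only after the signature has been checked.
  const claims = JSON.parse(Buffer.from(p, "base64url").toString());
  if (!ISSUERS.includes(claims.iss)) throw new Error("wrong issuer");
  if (claims.aud !== audience) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Constructed stand-ins (assumptions): a local key pair plays Google's signing key.
const CLIENT_ID = "example-client-id.apps.googleusercontent.com";
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
const PUBLIC_KEYS = new Map([["test-kid", publicKey]]);

// Test-only signer: in reality only Google holds the private key.
function signTestToken(claims, key = privateKey) {
  const head = b64url(JSON.stringify({ alg: "RS256", kid: "test-kid", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = createSign("RSA-SHA256").update(`${head}.${body}`).sign(key);
  return `${head}.${body}.${b64url(sig)}`;
}

// Returns the user id (sub) on success, or the rejection reason.
function tryVerify(token, audience = CLIENT_ID) {
  try { return verifyIdToken(token, PUBLIC_KEYS, audience).sub; }
  catch (e) { return e.message; }
}
```

The mobile app sends the ID token it receives from Google sign-in as `Authorization: Bearer <token>`, and the API runs this check on every request before using `sub` as the user identifier.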