I only want to authenticate the user access token which I get from javascript.
I am using spring rest service.
I have seen this: https://developers.google.com/identity/sign-in/web/server-side-flow However I am trying to find the exact code piece for facebook and google.
Does anyone have any code snippet to share or direct any github. Including the dependencies also because those also creates some conflicts.
My personal solution offer is this. It is stable? I will do simple hhtp get using these 2 urls https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=
https://graph.facebook.com/app?access_token and compare the if the user id and email and name is matching.
If somebody finds this access token from their personal facebook login structure of different app (lets say 3rd party website has facebook login also) and uses the same token to enter my service (sending that token from that 3rd party service to my service api) can I do something to verify that this user access token is actually received from my own login system? because with these 2 http gets there are no secret api key or anything. Thanks
