Google Sign in Flow in Portal
Overview:
User sign in to Sunbird/Diksha is handled by the portal.
Currently, the portal uses Google plus API to fetch the user profile when the user tries to sign-in using google.
Problem statement:
Google has shut down Google Plus API from 7 March 2019. Google has also stopped new integration with google plus api.
Approach :
Instead of using google plus API portal will be using google auth API to fetch the user details.
Fetch the Code from google (once the user is authenticated by Google) using which call Oauth API to generate token.
Using the token extract the information from the token decoding the token.
Check if the user information is available in token proceed else call oath API to fetch user information.
Flow Chart :
Sample token fetched from google API
{
"iss": "accounts.google.com",
"at_hash": "HK6E_P6Dh8Y93mRNtsDB1Q",
"email_verified": "true",
"sub": "10769150350006150715113082367",
"azp": "1234987819200.apps.googleusercontent.com",
"email": "jsmith@example.com",
"aud": "1234987819200.apps.googleusercontent.com",
"iat": 1353601026,
"exp": 1353604926,
"nonce": "0394852-3190485-2490358",
"hd": "example.com"
}
Response sample received after fetching user profile from google oauth2 server(https://www.googleapis.com/oauth2/v2/userinfo).
{ "sub": "10769150350006150715113082367", "name": "Aaron Parecki", "given_name": "Aaron", "family_name": "Parecki", "picture": "https://lh4.googleusercontent.com/-kw-iMgj34/AAAAAAAAAAI/AAAAAAAAAAc/P1YY91tzesU/photo.jpg", "email": "aaron.parecki@okta.com", "email_verified": true, "locale": "en", "hd": "okta.com"} |
Auth url google endpoint - https://accounts.google.com/o/oauth2/v2/auth.
Oauth2 token generation endpoint - https://oauth2.googleapis.com/token
Oauth2 fetch user information endpoint - https://www.googleapis.com/oauth2/v2/userinfo
References -