react-oauth idToken on custom button with useGoogleLogin hook

I know this issue has been raised before but I did not find any of the solutions helpful for my use case. What I would like to to get the idToken, send it to my server, verify that token, create my own tokens (access_token and refresh_token) using jwt and use those for subsequent requests. I have found this to be possible when going through the google sign in documentation here (https://developers.google.com/identity/gsi/web/guides/use-one-tap-js-api)

Jul 09 '23 21:07 melvinotieno

getting id_token direct only available via GoogleButton

otherwise you can follow https://github.com/MomenSherif/react-oauth/issues/12 it has a backend example to verify against without id token and you can create your own access token at this time

Jul 10 '23 13:07 MomenSherif

So is this what you mean?

Login with custom google button and get the code (auth-code) flow
Send the code to my backend and get the tokens including the idToken
Verify the idToken in the server and create my own access token at this time

Jul 10 '23 13:07 melvinotieno

Step 3 you don't need to verify the id_token

Exchanging the code to tokens means its valid

Jul 10 '23 13:07 MomenSherif

Makes sense but I would still need to save the google user id to the database in order to associate it with future logins

Jul 10 '23 14:07 melvinotieno

Make it against emails, emails are unique

Jul 10 '23 14:07 MomenSherif

But then again, to get the email, I still need the idToken, no?

Jul 10 '23 14:07 melvinotieno

You will decode the id token on the server (its jwt)

Jul 10 '23 15:07 MomenSherif

Okay. Also while at it, do you have any plans on adding other OAuth2 clients e.g Facebook?

Also, if I wanted to be a contributor, are there specific guidelines?

Jul 10 '23 15:07 melvinotieno

@MomenSherif could you kindly say, why id_token, is not available with the custom button, is there any security issue or something else?

Jan 26 '24 07:01 taronaleksanian