authentication - Emailpassword mobile authorization using Google Identity Platform & custom Node.js backend - Stack Over

I have a Flutter mobile app & Node.js backend. I want users to be able to authenticate using Google Identity Platform & authorize them on my Node.js backend endpoints. Users will have different roles which need to be checked.

I don't want to use Firebase & would preferably handle as little auth logic myself as possible.

My question is: Is it okay to call Identity Platform APIs from my backend & generate JWT access tokens on my own server or is there a better way? I'm also afraid of rate limiting which may cause issues when calling the APIs from my backend. (If it's even okay to call them from the frontend).

I would also appreciate any articles & other resources to do this kind of thing securely.

asked Jan 16 at 13:45 by Tembero

1 Answer

I would suggest you use Google Identity Platform (via OAuth 2.0) to authenticate users, but you should not directly call Google’s Identity Platform API from your backend to generate JWT tokens.

Here are the recommended approaches:

  • Use Flutter App for your Frontend to handle the initial authentication flow with Google’s OAuth 2.0 APIs (via the google_sign_in package in Flutter). Upon successful login, the app receives an ID Token from Google.

  • As the ID token is sent to the backend, the backend verifies this token using Google's public keys to ensure its authenticity. Then, the backend assigns roles to the user (from your database) and generates its own JWT (session token) for further secure requests from the frontend.

Here are some helpful links:

  1. google-auth-library for Node.js

  2. Google OAuth2.0 Documentation

  3. Role-based access controls
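
The flow described in this answer, as an added example that is not part of the original answer: the backend checks the ID token's signature, issuer, audience and expiry, looks up the role, and issues its own short-lived session JWT. A locally generated RSA key pair and a constructed token stand in for Google's signing keys and a real ID token; `CLIENT_ID`, `ROLES`, the default role and the 15-minute lifetime are assumptions.

```javascript
// Added example: a constructed key pair and token stand in for Google's
// signing keys and a real ID token, so this runs offline.
const crypto = require('crypto');

const CLIENT_ID = 'example-client-id.apps.googleusercontent.com'; // placeholder
const ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];
const SESSION_SECRET = crypto.randomBytes(32); // known only to the backend
const ROLES = new Map([['user-123', 'admin']]); // stand-in for the role database
const b64u = (x) => Buffer.from(x).toString('base64url');
const nowSec = () => Math.floor(Date.now() / 1000);

function signJwt(alg, key, payload) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  const sig = alg === 'RS256'
    ? crypto.sign('RSA-SHA256', Buffer.from(input), key)
    : crypto.createHmac('sha256', key).update(input).digest();
  return `${input}.${sig.toString('base64url')}`;
}

// Check the signature first, then issuer, audience and expiry.
function verifyIdToken(token, publicKey, now = nowSec()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm so an HMAC-signed token is never accepted here.
  if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'RS256') throw new Error('unexpected alg');
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  if (!ISSUERS.includes(claims.iss)) throw new Error('bad issuer');
  if (claims.aud !== CLIENT_ID) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Exchange a verified ID token for a 15-minute session JWT carrying the role.
function exchange(idToken, publicKey, now = nowSec()) {
  const { sub } = verifyIdToken(idToken, publicKey, now);
  const role = ROLES.get(sub) ?? 'user'; // default role is an assumption
  return signJwt('HS256', SESSION_SECRET, { sub, role, iat: now, exp: now + 900 });
}

// Constructed demo input.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const googleClaims = { iss: ISSUERS[1], aud: CLIENT_ID, sub: 'user-123', exp: nowSec() + 300 };
const session = exchange(signJwt('RS256', privateKey, googleClaims), publicKey);
console.log(JSON.parse(Buffer.from(session.split('.')[1], 'base64url')));
```

In a real backend the key is not fixed: google-auth-library's `OAuth2Client.verifyIdToken({ idToken, audience })` fetches Google's current signing keys and performs these claim checks.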
