Feat: Add Support for Google Identity

[tansanDOTeth]

Google is discontinuing Google Sign-In for their new identity services: https://developers.googleblog.com/2021/08/gsi-jsweb-deprecation.html

The new API seems to be https://developers.google.com/identity this service for signing in. The server side verification requires sending the idToken and the client ID (https://developers.google.com/identity/gsi/web/guides/verify-google-id-token).

[nelsonic]

Hi @astroTANSAN, indeed this is a new service from Google. It’s a re-branding of their OAuth/Single-signon service that billions of people are already familiar with & actively using.
We could add support for this in the future if enough people request it. 💭

[tansanDOTeth]

Hi @astroTANSAN, indeed this is a new service from Google. It’s a re-branding of their OAuth/Single-signon service that billions of people are already familiar with & actively using. We could add support for this in the future if enough people request it. 💭

Should I close this issue and create a feature request ticket?

[nelsonic]

@astroTANSAN no need to close and re-create.
Let's just reword the title and add it to the backlog.
Do you need this for something you're working on? 💭

[nelsonic]

Just had a quick look at the API/SDK. The "One Tap" feature is cool but requires including their JavaScript SDK in your web app. There's definitely a use-case for it; streamlines auth for people who are signed into their Google Account.
But it appears to require writing some JS code to handle the requests ... which I'm not averse to. but we would need to get this feature request "up-voted" by a few people using our auth/product to justify investing the time. 💭

[tansanDOTeth]

@astroTANSAN no need to close and re-create. Let's just reword the title and add it to the backlog. Do you need this for something you're working on? 💭

Okay. I went ahead and edited the post.

Just had a quick look at the API/SDK. The "One Tap" feature is cool but requires including their JavaScript SDK in your web app. There's definitely a use-case for it; streamlines auth for people who are signed into their Google Account. But it appears to require writing some JS code to handle the requests ... which I'm not averse to. but we would need to get this feature request "up-voted" by a few people using our auth/product to justify investing the time. 💭

I was mainly looking at this page for verifying with a ID token: https://developers.google.com/identity/gsi/web/guides/verify-google-id-token

[ndrean]

I looked at One Tap this weekend. You don't need JS.

• add the Google button and an endpoint for a POST request

<script src="https://accounts.google.com/gsi/client" async defer></script>
<div id="g_id_onload"
  data-client_id={System.get_env("GOOGLE_CLIENT_ID")}
  data-login_uri="http://localhost:4000/auth/one_tap"  <----- POST endpoint
  data-auto_prompt="true"
  >
</div>
<div class="g_id_signin"
  data-type="standard"
  data-size="large"
  data-theme="outline"
  data-text="sign_in_with"
  data-shape="rectangular"
  data-logo_alignment="left">
</div> 

Then in your router:

pipeline :api do
    plug :accepts, ["json"]
    post "/auth/one_tap", MyAppWeb.OneTapController, :handle
end

and the controller:

use LiveMapWeb, :controller

defp parse(%{"email" => email, "name" => name, "picture" => picture} = _data) do
    %{email: email, name: name, picture: picture}
end

def handle(conn, %{"credential" => credential}) do
      ("https://oauth2.googleapis.com/tokeninfo?id_token=" <> credential)
      |> HTTPoison.get!()
      |> Map.get(:body)
      |> Jason.decode!()
      |> then(&parse/1)
end

🚀

OK, this is cheating because I used a dev endpoint to decode the token.
I will propose something; in short, it seems you need to download Googles' PEM on
a regular basis to decode the JWT. Probably not totally straightforward.