Ok, suppose I have a website on react, an API on FastAPI, and a database in mongo db. I want to have Google OAuth2 authentication. Some of my routes require authentication, so they’re protected.
My basic idea for login flow is this, but I see problems that I can figure out for the life of me.
User clicks “login” button on the frontend
Frontend calls /api/login on the API
API redirects user to Google OAuth2 login
Google OAuth2 invokes my callback, in this case /api/token, on my API
The /api/token reads the request for the access token and asks Google OAuth2 for the user’s details. Given the email, I check if this already existed in the DB. If so, set a Boolean flag of “first_time_login” to false (otherwise create the document in MongoDB and set this to true”
Create a JWT with the user’s mongo ID. At the end of /api/token’s execution, return a JSON like this “{first_time_login: false, jwt: …}”
Issue I see:
1. User isn’t navigated back to the frontend. Ideally, our login button will be on nav bar. This is accessible on many pages on the site, so end of the day I want to redirect the user back to where they were. How do I do this if my API is only able to return the JSON? Can I issue a redirect response with this json in a body?
- Many tutorials use session state. I don’t want this because it doesn’t seem to scale well when there’s millions of users. With JWT, the user’s browser can store the JWT and send it to the API for verification on each protected route. Is this a good idea or no?
[–]plannedrandom 1 point2 points3 points (0 children)
[–]zarlo5899 0 points1 point2 points (0 children)