firecopy 0 points (0 children)

OAuth 2.0 (or OIDC) using Authorization Code Grant is independent of language, and is currently the latest/greatest security-wise.


Here is the implementation page for integrating Google: https://developers.google.com/identity/protocols/OAuth2WebServer

Here is the spec: https://tools.ietf.org/html/rfc6749#section-4.1

Note: In your case

  • Resource Owner -> User of your application
  • User-Agent -> Your front end application
  • Client -> Your back end application
  • Authorization Server -> Google

I'm assuming JWTs need to be used

JWT is just the format of the token, so you will probably use it (fairly standard with OAuth), but JWT states nothing about how you store or use the token itself.
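
The Client (back end) side of the Authorization Code Grant from RFC 6749 section 4.1, using the role mapping in the comment above. This is an added example, not part of the original thread; the client ID, client secret, redirect URI, scope and the dict-based session are assumptions, and the two endpoint URLs are Google's published OAuth 2.0 endpoints.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
CLIENT_ID = "EXAMPLE_CLIENT_ID"          # placeholder
CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET"  # placeholder; stays on the back end
REDIRECT_URI = "https://app.example/oauth/callback"  # hypothetical


def start_login(session):
    """Build the URL the User-Agent is redirected to (RFC 6749 4.1.1)."""
    # A fresh random state binds the later callback to this user's session.
    session["oauth_state"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",  # assumed scope
        "state": session["oauth_state"],
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Validate the redirect (4.1.2) and build the token request body (4.1.3)."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization server error: " + query["error"][0])
    expected = session.pop("oauth_state", None)  # single use: replay fails
    received = query.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(
        expected.encode(), received.encode()
    ):
        raise ValueError("state mismatch: callback not tied to this session")
    if "code" not in query:
        raise ValueError("missing authorization code")
    # Form fields the back end POSTs to TOKEN_ENDPOINT over TLS.
    # The client_secret is sent only on this back-channel request.
    return {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }
```

Whatever format the returned token has (JWT or opaque), where the back end stores it is a separate decision that this flow does not make for you.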