I am working on a NestJS and React app. The app should have only Google login.
After many hours of searching through awful google docs and web tutorials I am considering the following flow:
- React stores the JWT token obtained via Google Sign In (@react-oauth/google)
- a) send an additional request from FE to BE to verify the token and create the user if they do not exist
- with each request we send that ID_TOKEN to the API,
- NestJS creates a middleware/guard which verifies every request by using OAuthClient and verifying the token.
- if the token is verified, the user is considered logged in.
- if the id_token is not valid, we send a not-logged-in status code and redirect the user to the login page
Does this flow make sense?
I am wondering if I need to store some unique data like sub in our db?
Do I need to generate my own JWT?
This will be the only login method for now.