Hi,
Sorry if this is not the right forum.
In our service (back-end in Java/Spring, front-end in React) we implemented Google Sign-In.
The end result of the Sign In process is that the front-end receives an object from Google which it re-sends to the back-end. The back-end verifies (with a Google Library) that the object is valid and extracts user info from it. Like this:
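    import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
    import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
    import java.io.IOException;
    import java.security.GeneralSecurityException;
    import java.util.Map;

    public void authenticateGoogleUser(Object googleInfo) throws GeneralSecurityException, IOException {
        Map<String, String> map = (Map<String, String>) googleInfo;
        String tokenId = map.get("tokenId");
        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(...).build();
        GoogleIdToken googleIdToken = verifier.verify(tokenId); // returns null if the tokenId is not valid
        if (googleIdToken == null) {
            throw new GeneralSecurityException("Invalid Google ID token");
        }
        GoogleIdToken.Payload payload = googleIdToken.getPayload();
        String userId = payload.getSubject();
        String email = payload.getEmail(); // etc.
    }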
Now we want to implement the same functionality with Microsoft Sign-In.
The front-end shows the Microsoft SignIn button, the user signs in, the front-end receives the Microsoft SignIn response object and re-sends it to the back-end server.
Our question is: How do we validate this response in the back-end server?
Is there a library that does it, like the GoogleIdTokenVerifier?
Thank you
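
Added example, not part of the original post: the same back-end check written for a Microsoft-issued token, assuming the response object carries an OpenID Connect ID token (a signed JWT). It uses the Nimbus JOSE + JWT library rather than a Microsoft-provided verifier; the tenant ID, client ID and the locally generated key pair are placeholders constructed so the code runs offline.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.*;
import com.nimbusds.jose.proc.*;
import com.nimbusds.jwt.*;
import com.nimbusds.jwt.proc.*;
import java.util.*;

public class MicrosoftIdTokenCheck {
    // Assumed placeholders: substitute your own tenant and app registration values.
    static final String ISSUER = "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0";
    static final String CLIENT_ID = "CLIENT_ID_PLACEHOLDER";

    // Returns the verified claims, or throws if signature, iss, aud or exp do not check out.
    static JWTClaimsSet verify(String idToken, JWKSource<SecurityContext> keys) throws Exception {
        DefaultJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        // Accept only RS256 signatures made with a key from the trusted key set.
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, keys));
        // Require our client ID as audience, an exact issuer match, and sub/exp/iat present.
        processor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>(
                CLIENT_ID,
                new JWTClaimsSet.Builder().issuer(ISSUER).build(),
                new HashSet<>(Arrays.asList("sub", "exp", "iat"))));
        return processor.process(idToken, null);
    }

    // Builds a constructed test token; a real token comes from the sign-in response.
    static String sign(RSAKey key, String audience) throws Exception {
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(),
                new JWTClaimsSet.Builder().issuer(ISSUER).audience(audience).subject("constructed-sub")
                        .issueTime(new Date()).expirationTime(new Date(System.currentTimeMillis() + 300_000)).build());
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }

    public static void main(String[] args) throws Exception {
        // Constructed key; in production the key source is the jwks_uri from the tenant's OpenID Connect metadata.
        RSAKey key = new RSAKeyGenerator(2048).keyID("constructed-key").generate();
        JWKSource<SecurityContext> keys = new ImmutableJWKSet<>(new JWKSet(key.toPublicJWK()));
        System.out.println("accepted sub: " + verify(sign(key, CLIENT_ID), keys).getSubject());
        try {
            verify(sign(key, "some-other-app"), keys); // token minted for a different audience
        } catch (BadJWTException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The audience check matters as much as the signature: without it, a valid token issued to any other application in the same tenant would be accepted by this back-end.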