Similar to a previous article about Facebook tokens, I am going to explain how to verify, in an API, that users authenticated successfully with Google in a mobile app.
The first step is to get the client IDs and secrets. This is explained in the "Acquiring client IDs and secrets" section of the Google OAuth 2.0 guide.
Buried deep in the vortex of Google guides, the "Send the ID token to your server" section of the "Authenticate with a backend server" guide describes what the mobile app has to do. Basically, the app authenticates the user with Google and gets an ID token in return. The app must then send that ID token to the API.
Initialize the OAuth 2.0 client:
client = Signet::OAuth2::Client.new(client_id: google_client_id, client_secret: google_client_secret)
Assign the ID token received from the app to the client:
client.id_token = id_token_from_the_app
Finally, decode the token:
payload = client.decoded_id_token
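The Google user ID will be in payload['sub'] if the token was successfully decoded. Note that decoded_id_token called without arguments, as above, only checks that the token's aud claim matches the client ID; it does not verify the token's signature unless a public key is passed as its first argument, so on its own this call does not prove that the token was issued by Google.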
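The checks an API should make before trusting payload['sub'], written out with Ruby's standard library only. This is an added example, not code from the original article or from Signet; CLIENT_ID, the locally generated key pair and the helper names are constructed for the demo, with the key pair standing in for Google's published signing keys.

```ruby
require "openssl"
require "json"

# Constructed demo values: a real API uses its own client ID and Google's
# published signing keys, not a locally generated key pair.
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
ISSUERS = ["accounts.google.com", "https://accounts.google.com"].freeze
class InvalidToken < StandardError; end

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  (str.tr("-_", "+/") + "=" * (-str.length % 4)).unpack1("m0")
end

# Stand-in for Google: builds an RS256-signed token so the example runs offline.
def sign_token(claims, key)
  input = [{ alg: "RS256", typ: "JWT" }, claims].map { |part| b64url(part.to_json) }.join(".")
  "#{input}.#{b64url(key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Returns the payload only when signature, algorithm, audience, issuer and
# expiry all check out; raises InvalidToken otherwise.
def verify_id_token(token, public_key, client_id, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  raise InvalidToken, "malformed token" unless parts.size == 3
  head, body, sig = parts
  header = JSON.parse(b64url_decode(head))
  # Pin the algorithm: never let the token choose "none" or an HMAC variant.
  raise InvalidToken, "unexpected algorithm" unless header.is_a?(Hash) && header["alg"] == "RS256"
  unless public_key.verify(OpenSSL::Digest.new("SHA256"), b64url_decode(sig), "#{head}.#{body}")
    raise InvalidToken, "bad signature"
  end
  payload = JSON.parse(b64url_decode(body))
  raise InvalidToken, "wrong audience" unless Array(payload["aud"]).include?(client_id)
  raise InvalidToken, "wrong issuer" unless ISSUERS.include?(payload["iss"])
  raise InvalidToken, "expired" unless payload["exp"].is_a?(Integer) && payload["exp"] > now
  payload
rescue ArgumentError, JSON::ParserError, OpenSSL::PKey::PKeyError
  raise InvalidToken, "malformed token"
end

if $PROGRAM_NAME == __FILE__
  google = OpenSSL::PKey::RSA.new(2048) # constructed stand-in for Google's key
  claims = { iss: ISSUERS.last, aud: CLIENT_ID, sub: "1234567890", exp: Time.now.to_i + 300 }
  puts verify_id_token(sign_token(claims, google), google.public_key, CLIENT_ID)["sub"]
end
```

A token carrying the right aud but signed with any other key is rejected here with "bad signature", which is the case an audience-only check lets through.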