How to use Google OAauth2.02 on Android device to connect to a node.js backend? -

How to use Google OAauth2.02 on Android device to connect to a node.js backend? -

i'm building android/ios/web app authenticates provider receive access token , uses token in api calls node.js backend. i've got working facebook using passport , facebook-token strategy (https://github.com/drudge/passport-facebook-token)

now i'd repeat process library https://www.npmjs.org/package/passport-google-token

should easy, right? google's developer console android doesn't provide client secret. infact there little documentation on if authenticate on device , utilize token communicate server. simple facebook, there missing?

fb's (or google's) access_token their api, not yours. also, flows 3rd party providers fb , google intended web sites (this auth code grant). devices (and spa) typically utilize implicit flow doesn't require secrets on client.

you might want consider authenticating users google or fb (or whatever) in website (using either strategies optimized web flows), , issue api specific token derived that. recommend issuing jwt, lightweight , simple use.

on api side utilize express-jwt. see here additional details.

android node.js oauth-2.0 google-oauth passport.js