axum-login with 'Sign in with Google for Web' #244
Unanswered
danburkert asked this question in Q&A
Replies: 1 comment 7 replies
-
I'm not really sure what your question is. |
-
Hello,

I'm trying to integrate `axum-login` with an application which uses Sign in with Google for Web (GSI) to handle authentication. GSI is similar to OIDC, in that an ID token is provided to the application while authenticating a user. I'm struggling to understand how to implement the `AuthUser::session_auth_hash` functionality.

The oauth2 example in the repo appears to extract an access token secret from the JWT during authentication, which is then stored into the database. GSI doesn't have an access token as such, so this isn't directly translatable. Additionally, I suspect that this implementation doesn't allow a user to be actively signed in to the application on two different devices (say a laptop and mobile), since the JWTs on each device would be different, and the second to authenticate would effectively invalidate the `session_auth_hash` of the first and thus log it out? I'd like to support this use case if possible.

Furthermore, this example makes me a bit uneasy because it's storing an un-hashed credential directly in the database, which is dangerous in the event of a database leak. I don't see an obvious reason for storing the access token, since it would seem to be functionally equivalent to randomly generating a 'hash' directly following authentication, and storing that in the database?

Thanks,