1

As I am new to mobile development and I am using react native. I am trying to implement external login(Facebook/Google) login, I got libraries using which I am able to get the details of user profile such as firstName, lastName, email from both Facebook and Google. Here my question is, is it right and safe to get details of the user profile, and calling register api to register/login and get the JWT token to land the application to home screen? Or is there any way that we can just click on Facebook/Google button by passing just provider name we can get all details from web api itself.

I feel, fetching the user profile details from web api is safer than getting user profile using react native library/sdk and then calling register api to register/login the same.

If there any link or Github reference please share the same for better and in details understanding.

Thanks In Advance.

Improve this question

1 Answer 1

Reset to default
1

You seems to have it figured out yourself. Call Google or other third party to retrieve user details such as email and name. Then call your own backend to register that user to your platform.

The next time user login using social login do a similar call to your backend to check if user with the details exist in your database and send a corresponding response back.

Check this link Google Login React Native. This reference is a little old one but might give you a heads up.

Note: You will need to have corresponding permissions enabled in providers developer console. Some cases you will get an access token after login/signup using social media. You will then need to fetch user data from corresponding provider using their api or SDK.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Here my concern is, if we retrieve the user profile details, and then call register api with login provider details. We can bypass third party login using postman call where you can give provider as Facebook/Google, and then provider Id as any random number. In this way it will consider as third login and allows to access the api, which is a security breach.
@John like security breach depends on your backend API. Even better what you can do is to pass the access token and login type (Facebook/Google) to your backend API. Then in your server retrieve user data from there using server side SDKs
this is what I was talking about. But I need to know how can we get the profile details in asp.net core api. I am working on both api and front end.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.