My project includes web and android client. I want to combine Google cross platform sign-in and loopback third-party login.
In my scenario, I will never ask username and password. User only uses Google sign-in button for authentication and authorization on both web and android app.
Lets assume, it's the first time you logged in with Google sign-in through my web site. In loopback third-party scenario, if you are not existing on db, it creates an account corresponded provider and external id. (In this case provider is google and external id is your unique google id). This is for web, loopback-example-passport
So, assume that above scenario for android. You click only Google Sign-in button and then loopback server will able to do above things (as web)
Is there a built-in way in loopback for this? If not, how can I integrate this scenario in loopback properly?
Well it's a little bit old question, but I've encountered the same issue on android, but with facebook third party login.
I didn't find any trivial solution, so after a lot of struggle tried different approach: (change facebook to google for your case)
Assuming it's valid, server check's if the user already has local account (can be checked with email or id):
6.1 If user doesn't have an account, we create a new one with the Facebook User ID or email (loopback requires password so a random one can be provided), this will assign our own unique UserID and issue our auth ticket (
user.createAccessToken(ttl, callback)
).6.2 else, continue just with assigning auth ticket to user for this session