Google sign-in authentication in your webapp

The Documentation

https://developers.google.com/identity/sign-in/web/sign-in

The Catch

Since it is javascript, anyone can inject code in your website via the debugger and send any email as received and simulate a positive signin from google authentication, even if over HTTPS. The only way to securely validate the signin is server-side with the token.

Read this https://developers.google.com/identity/sign-in/web/backend-auth to see how to verify a token id in the backend.

My Library

(work in progress..)