Handle Authentication when user is signing up with google

[Bluesparx]

Problem

Currently, all protected routes rely on JWT verification for user authentication. It does not handle the scenario where a user signs up or logs in using Google (Firebase). As a result, users authenticated via Google can bypass the JWT verification or face issues accessing protected routes.

Solution:

• Implement a unified authentication system that supports both JWT-based sessions and Firebase tokens.

[hv-ojha]

It will be better if we trigger the Google SignIn from backend.
Because that way we will be able to generate new token according to the login type. Also we will have full control over JWT creation as well as adding new data in coming future.

Also after signIn we can token in cookies and header for better authorization and authentication.
You can take a reference from this diagram. We have tried some similar architecture in my past application.

Note: It is just for your reference, we can have customized implementation according to our business case.

Helpful URLs
Google verify token

Google Auth using NodeJS backend

SAML is an authentication not authorization

[Bluesparx]

Yes, that sounds good.