Social Login Validation Using Google and Facebook

Posted By : Prince Gupta | 29-Jun-2022

1. Maven dependency:

First, we need to add the Maven dependencies for Google token authentication.

<dependency>
    <groupId>com.google.auth</groupId>
    <artifactId>google-auth-library-oauth2-http</artifactId>
    <version>0.3.1</version>
</dependency>
<dependency>
    <groupId>com.google.firebase</groupId>
    <artifactId>firebase-admin</artifactId>
    <version>6.9.0</version>
    <scope>compile</scope>
</dependency>
<dependency>
    <groupId>com.google.api-client</groupId>
    <artifactId>google-api-client</artifactId>
    <version>1.31.5</version>
</dependency>

2. We need to add the Google ID token verifier class, provided by Google, to our project:

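// GoogleIdToken and GooglePublicKeysManager are in com.google.api.client.googleapis.auth.oauth2.
import com.google.api.client.auth.openidconnect.IdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.util.Beta;
import com.google.api.client.util.Clock;
import com.google.api.client.util.Preconditions;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collection;

@Beta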
public class GoogleIdTokenVerifier extends IdTokenVerifier {

    private final GooglePublicKeysManager publicKeys;

    public GoogleIdTokenVerifier(HttpTransport transport, JsonFactory jsonFactory) {
        this(new Builder(transport, jsonFactory));
    }

    public GoogleIdTokenVerifier(GooglePublicKeysManager publicKeys) {
        this(new Builder(publicKeys));
    }

    protected GoogleIdTokenVerifier(Builder builder) {
        super(builder);
        publicKeys = builder.publicKeys;
    }

    public final GooglePublicKeysManager getPublicKeysManager() {
        return publicKeys;
    }

    public final HttpTransport getTransport() {
        return publicKeys.getTransport();
    }

    public final JsonFactory getJsonFactory() {
        return publicKeys.getJsonFactory();
    }

    public boolean verify(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
        if (!super.verify(googleIdToken)) {
            return false;
        }
        for (PublicKey publicKey : publicKeys.getPublicKeys()) {
            if (googleIdToken.verifySignature(publicKey)) {
                return true;
            }
        }
        return false;
    }


    public GoogleIdToken verify(String idTokenString) throws GeneralSecurityException, IOException {
        GoogleIdToken idToken = GoogleIdToken.parse(getJsonFactory(), idTokenString);
        return verify(idToken) ? idToken : null;
    }

    @Beta
    public static class Builder extends IdTokenVerifier.Builder {

        GooglePublicKeysManager publicKeys;

        public Builder(HttpTransport transport, JsonFactory jsonFactory) {
            this(new GooglePublicKeysManager(transport, jsonFactory));
        }

        public Builder(GooglePublicKeysManager publicKeys) {
            this.publicKeys = Preconditions.checkNotNull(publicKeys);
            setIssuers(Arrays.asList("accounts.google.com", "https://accounts.google.com"));
        }

        @Override
        public GoogleIdTokenVerifier build() {
            return new GoogleIdTokenVerifier(this);
        }

        public final GooglePublicKeysManager getPublicCerts() {
            return publicKeys;
        }

        public final HttpTransport getTransport() {
            return publicKeys.getTransport();
        }

        public final JsonFactory getJsonFactory() {
            return publicKeys.getJsonFactory();
        }

        @Override
        public Builder setIssuer(String issuer) {
            return (Builder) super.setIssuer(issuer);
        }

        @Override
        public Builder setIssuers(Collection<String> issuers) {
            return (Builder) super.setIssuers(issuers);
        }

        @Override
        public Builder setAudience(Collection<String> audience) {
            return (Builder) super.setAudience(audience);
        }

        @Override
        public Builder setAcceptableTimeSkewSeconds(long acceptableTimeSkewSeconds) {
            return (Builder) super.setAcceptableTimeSkewSeconds(acceptableTimeSkewSeconds);
        }

        @Override
        public Builder setClock(Clock clock) {
            return (Builder) super.setClock(clock);
        }
    }
}

This class is provided by Google and is used to verify tokens through its verify method.

3. We need to use this class to verify our token:

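if (socialSignInDTO.getSocialValidationEnum().toString().equals("GOOGLE")) {
    // googleClientId is an assumed field holding this application's OAuth client ID.
    // Without setAudience the verifier accepts ID tokens issued to any Google client.
    GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), jacksonFactory)
            .setAudience(Collections.singletonList(googleClientId)) // java.util.Collections
            .build();
    GoogleIdToken idToken = verifier.verify(socialSignInDTO.getGoogleIdToken());
    if (idToken != null) {
        GoogleIdToken.Payload payload = idToken.getPayload();
        Long expireTime = payload.getExpirationTimeSeconds();
        String iss = payload.getIssuer();
        String hd = payload.getHostedDomain();
        String email = payload.getEmail();
        // continue the sign-in with the verified claims
    }
}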

Using this, we can verify our Google token against the public keys fetched from Google's server. If we get a value in idToken, the token is valid; otherwise we need to try with another token.

For Facebook Validation:

We need to fetch data from Facebook's REST API using RestTemplate, in the way the access token debugger does, to get the details associated with the access token.

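public Object getAccessTokenCredentials(String accessToken) {
    try {
        // The {token} URI variable is URL-encoded by RestTemplate instead of being concatenated.
        return restTemplate.getForObject("https://graph.facebook.com/me?access_token={token}", Object.class, accessToken);
    } catch (HttpClientErrorException e) { return null; } // invalid token: Graph API answers with a 4xx error
}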

Using this, if we get a non-null object, the access token is valid and we can perform our task.

if (socialSignInDTO.getSocialValidationEnum().toString().equals("FACEBOOK")) {
    Object accessTokenCredentials = getAccessTokenCredentials(socialSignInDTO.getAccessToken());
    if (accessTokenCredentials != null) {
        // access token accepted by Facebook: continue the sign-in
    }
}
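
The /me call above confirms only that Facebook accepts the token, not that the token was issued to this application. The following added example (not code from the original post) checks the data object returned by the Graph API debug_token endpoint; the class name, method name, app ID and sample responses are constructed for illustration.

```java
import java.time.Instant;
import java.util.Map;

public class FacebookTokenCheck {

    // Input: the JSON body of
    //   GET https://graph.facebook.com/debug_token?input_token={user token}&access_token={app token}
    // deserialized to a Map (what Jackson produces when RestTemplate is asked for Object.class).

    /** Returns the Facebook user id if the inspected token is acceptable, otherwise null. */
    static String acceptedUserId(Map<String, Object> response, String expectedAppId, Instant now) {
        Object raw = response == null ? null : response.get("data");
        if (!(raw instanceof Map)) {
            return null; // malformed or error response
        }
        Map<?, ?> data = (Map<?, ?>) raw;
        if (!Boolean.TRUE.equals(data.get("is_valid"))) {
            return null; // Facebook reports the token as invalid
        }
        if (!expectedAppId.equals(String.valueOf(data.get("app_id")))) {
            return null; // token was issued to a different application
        }
        // expires_at is in epoch seconds; this example's policy rejects tokens without a future expiry.
        Object exp = data.get("expires_at");
        if (!(exp instanceof Number) || ((Number) exp).longValue() <= now.getEpochSecond()) {
            return null;
        }
        Object userId = data.get("user_id");
        return userId == null ? null : userId.toString();
    }

    public static void main(String[] args) {
        Instant now = Instant.ofEpochSecond(1_700_000_000L); // fixed clock for the demo
        String ourAppId = "1111111111";                      // constructed app id
        // Constructed responses in the shape of debug_token output.
        Map<String, Object> issuedToUs = Map.of("data", Map.of("app_id", "1111111111",
                "is_valid", true, "expires_at", 1_700_003_600L, "user_id", "42"));
        Map<String, Object> issuedToOtherApp = Map.of("data", Map.of("app_id", "2222222222",
                "is_valid", true, "expires_at", 1_700_003_600L, "user_id", "42"));
        Map<String, Object> alreadyExpired = Map.of("data", Map.of("app_id", "1111111111",
                "is_valid", true, "expires_at", 1_699_999_000L, "user_id", "42"));
        System.out.println("issued to us:        " + acceptedUserId(issuedToUs, ourAppId, now));
        System.out.println("issued to other app: " + acceptedUserId(issuedToOtherApp, ourAppId, now));
        System.out.println("already expired:     " + acceptedUserId(alreadyExpired, ourAppId, now));
    }
}
```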

Using these snippets of code, we can add Google and Facebook token validation to our project. For better security, we can validate whether a token is genuine or not.
