Basically when I sent an authentication using a Google token, how does nakama verify that token is legit? Does it actually verify it through some api that connects back to Google’s servers?
You can view the source code:
err = signingMethod.Verify(payloadBase64, signatureBase64, []byte(appSecret))
if err != nil {
return "", err
}
return payload.PlayerID, nil
}
// CheckGoogleToken extracts the user's Google Profile from a given ID token.
func (c *Client) CheckGoogleToken(ctx context.Context, idToken string) (*GoogleProfile, error) {
c.logger.Debug("Checking Google ID", zap.String("idToken", idToken))
c.googleMutex.RLock()
if c.googleCertsRefreshAt < time.Now().UTC().Unix() {
// Release the read lock and perform a certificate refresh.
c.googleMutex.RUnlock()
c.googleMutex.Lock()
if c.googleCertsRefreshAt < time.Now().UTC().Unix() {
certs := make(map[string]string, 3)
err := c.request(ctx, "google cert", "https://www.googleapis.com/oauth2/v1/certs", nil, &certs)