I have implementing the Android Google authentication using google.android.gms.auth.

In the setting for GoogleSignInOptions I used till now requestIdToken, with the understanding that this implements OAuth2 Authorization Code flow. This means that it should be using what is known in OAuth2 RFC as response_type=code, code-based that later is validated in the backed.

But digging more into this, I just saw that there is another option requestServerAuthCode, and by looking at it is closer to what I thought I am doing.

Which of these achieves OAuth2 Authorization Code Flow?

Thanks!

1

There are 1 answers

0
user2705223 On

With the ID token flow, you're only using Google Sign In to obtain the identity of the user. See https://android-developers.googleblog.com/2016/01/using-google-sign-in-with-your-server.html.

To use authorization codes, typically with your server, see https://android-developers.googleblog.com/2016/02/using-credentials-between-your-server.html