Backendless Support
 
Answered

How to use Google SignIn without saving user credentials?

I want to use Google SignIn to restrict access to my app to only those users within my school's Google Apps domain, but I don't want to save any of their credentials in the Users table. How do I prevent those values from being saved so that they are not exposed to us?

Thanks!

Roger

Leave a Comment

Comments (3)

photo
1

Roger,

Google Signin credentials are not stored in Backendless for the reason that Backendless never sees them. Perhaps you are talking about some other user properties?

Regards,

Mark

photo
1

Sorry, perhaps my question was misstated. I noticed in the Users table that there was an entry created after I logged in. This entry contained my Google email address, my name, and something entered in the password field. What are these values if they are not coming from Google?

My ITS security manager is very concerned about people being able to use Backendless to harvest usernames and passwords, so I need to understand what is happening here so that I can reassure him that is not what is going on.

Thanks!

Roger

photo
1

Hi Roger,

The values you see showing up in the Users table is the result of the Google Sign in integration done in your app. In the API call which handles the login, your app identifies the properties which should be mapped to columns in Backendless.

Password will never make it there, Google does not expose user passwords, so it should not be a concern.

Regards,

Mark