Backendless Support
 
Answered

How to use Google SignIn without saving user credentials?

I want to use Google SignIn to restrict access to my app to only those users within my school's Google Apps domain, but I don't want to save any of their credentials in the Users table. How do I prevent those values from being saved so that they are not exposed to us?

Thanks!

Roger

Leave a Comment

Comments (4)

photo
1

Roger,

Google Signin credentials are not stored in Backendless for the reason that Backendless never sees them. Perhaps you are talking about some other user properties?

Regards,

Mark

photo
1

Sorry, perhaps my question was misstated. I noticed in the Users table that there was an entry created after I logged in. This entry contained my Google email address, my name, and something entered in the password field. What are these values if they are not coming from Google?

My ITS security manager is very concerned about people being able to use Backendless to harvest usernames and passwords, so I need to understand what is happening here so that I can reassure him that is not what is going on.

Thanks!

Roger

photo
1

Hi Roger,

The values you see showing up in the Users table is the result of the Google Sign in integration done in your app. In the API call which handles the login, your app identifies the properties which should be mapped to columns in Backendless.

Password will never make it there, Google does not expose user passwords, so it should not be a concern.

Regards,

Mark

photo
1

Oh, that's interesting. I just followed the tutorials on the Backendless website:

https://backendless.com/docs/ios/doc.html#users_login_with_google_ios

Is there a way to modify those methods so that they don't record anything other than the user's email address? Sorry if these questions seem a little newbish.

Also I was a bit confused by the section about User Properties which mentions passwords -- if the password from Google Login is not getting into Backendless, then where is this password property coming from and how is it used by Backendless if not by Google?

Thanks again for your feedback.

Roger

Identity Property

It is required that one of the properties is marked as identity. This is the property Backendless uses for the Login and Restore Password operations. As users register, Backendless ensures the value for the identity property is unique in the context of a specific version of the application.

Password Property

"password" is a special property. Backendless automatically adds the property when an application is created. The following rules apply to the password property:

Password cannot be removed from the application.Password cannot be used as identity.Password is always a required property