I want to use Google SignIn to restrict access to my app to only those users within my school’s Google Apps domain, but I don’t want to save any of their credentials in the Users table. How do I prevent those values from being saved so that they are not exposed to us?
Google Signin credentials are not stored in Backendless for the reason that Backendless never sees them. Perhaps you are talking about some other user properties?
Sorry, perhaps my question was misstated. I noticed in the Users table that there was an entry created after I logged in. This entry contained my Google email address, my name, and something entered in the password field. What are these values if they are not coming from Google?
My ITS security manager is very concerned about people being able to use Backendless to harvest usernames and passwords, so I need to understand what is happening here so that I can reassure him that is not what is going on.
The values you see showing up in the Users table is the result of the Google Sign in integration done in your app. In the API call which handles the login, your app identifies the properties which should be mapped to columns in Backendless.
Password will never make it there, Google does not expose user passwords, so it should not be a concern.
Oh, that’s interesting. I just followed the tutorials on the Backendless website:
Is there a way to modify those methods so that they don’t record anything other than the user’s email address? Sorry if these questions seem a little newbish.
Also I was a bit confused by the section about User Properties which mentions passwords – if the password from Google Login is not getting into Backendless, then where is this password property coming from and how is it used by Backendless if not by Google?
Thanks again for your feedback.
It is required that one of the properties is marked as identity. This is the property Backendless uses for the Login and Restore Password operations. As users register, Backendless ensures the value for the identity property is unique in the context of a specific version of the application.
“password” is a special property. Backendless automatically adds the property when an application is created. The following rules apply to the password property:
Password cannot be removed from the application.Password cannot be used as identity.Password is always a required property