I will try to answer your questions. But these are only my personal oppinions so you should do your own researches, too.
I would use a single microservice that handles everything regarding users and authentication. Like login with google, facebook, (optional) user signup and user database, creation of application JWTs. etc
From a security perspective there is no reason to hide the clientID from the user. But handling the flow in the backend would be a security improvement for other reasons. The OAuth flow in the backend is called "Authorization Code Flow" and it will be more secure. But I did not try it myself yet.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hello Aakash,
Thank you for your feedback.
I will try to answer your questions. But these are only my personal oppinions so you should do your own researches, too.
I would use a single microservice that handles everything regarding users and authentication. Like login with google, facebook, (optional) user signup and user database, creation of application JWTs. etc
From a security perspective there is no reason to hide the clientID from the user. But handling the flow in the backend would be a security improvement for other reasons. The OAuth flow in the backend is called "Authorization Code Flow" and it will be more secure. But I did not try it myself yet.