You can use JWT for protected your endpoints, in the function oauthGoogleCallback when the login is succeeded you can create the user in your DB and generate the token and return to the user.
So it's okay to get tokens from 3rd party, read user's email from them, add user to database, generate my own tokens, with payload I need, and send them to the client? I thought that it's necessary to send 3rd party's tokens to the client, because they have their own expiration time.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
You can use JWT for protected your endpoints, in the function oauthGoogleCallback when the login is succeeded you can create the user in your DB and generate the token and return to the user.
JWT: github.com/dgrijalva/jwt-go
So it's okay to get tokens from 3rd party, read user's email from them, add user to database, generate my own tokens, with payload I need, and send them to the client? I thought that it's necessary to send 3rd party's tokens to the client, because they have their own expiration time.