Tools, FAQ, Tutorials:
Initiate Google OpenID Connect Authentication Request
How to initiate Google OpenID Connect Authentication Request?
✍: FYIcenter.com
The Google OpenID Connect v1.0 Authentication Request must be initiated from the end user's Web browser, because the Google OpenID Connect service needs to communicate with the Web browser to make sure that the end user is signed on to a Google account and has a valid browser session.
There are a number of options to initiate Google OpenID Connect Authentication Request:
1. Using HTML "form" POST method to let the end user submit the request. All request parameters are coded as hidden form variables. For example:
<p>Please click the button flow to sign-on:</p> <form method="POST" action="https://accounts.google.com/o/oauth2/v2/auth"> <input type="hidden" name="client_id" value="9150833677096-...apps.googleusercontent.com"> ... <input type="Submit" name="Submit" value="Sign-On"><br/> </form>
The main risk of this option is that your end user can view HTML source to see your "client_id" value and other request parameters.
2. Using HTML "form" GET method to let the end user submit the request. All request parameters are coded as hidden form variables. For example:
<p>Please click the button flow to sign-on:</p> <form method="GET" action="https://accounts.google.com/o/oauth2/v2/auth"> <input type="hidden" name="client_id" value="9150833677096-...apps.googleusercontent.com"> ... <input type="Submit" name="Submit" value="Sign-On"><br/> </form>
This option is not as good as the first option, because all parameters show up in the browser's Web address area for a short period of time before Google OpenID Connect service redirects the browser to the sign-on page or your application page.
Note that all parameters may stay in the browser's Web address area for a long time if there is any issue with your authentication request.
3. Use a server side script to return a HTTP 302 redirect response. All request parameters are coded as the query string of the redirect URL. For example:
In the HTML document: <p>Click hereto sign-on</p> In the service side script, Azure-AD-Redirect.php: $url = "https://accounts.google.com/o/oauth2/v2/auth". "?client_id=9150833677096-...apps.googleusercontent.com". "&..."; header("Location: $url");
When the Web receives the HTTP 302 redirect response, it will automatically call the URL given in the "Location" response header.
This option is does not leave your client_id value in the HTML source code. But all parameters show up in the browser's Web address area for a short period of time before Google OpenID Connect redirects the browser the sign-on page or your application page.
Note that all parameters may stay in the browser's Web address area for a long time if there is any issue with your authentication request.
Compare to other options, option 3 might be the best option.
⇒ Process Google OpenID Connect Authentication Request
⇐ Google OpenID Connect Authentication Request
2021-03-07, 1165🔥, 0💬
Popular Posts:
How to build a test service operation to dump everything from the "context.Request" object in the re...
How To Avoid the Undefined Index Error in PHP? If you don't want your PHP page to give out errors as...
What Is Azure API Management Service? Azure API Management as a turnkey solution for publishing APIs...
How to troubleshoot the Orderer peer? The Docker container terminated by itself. You can follow this...
How to add request URL Template Parameters to my Azure API operation 2017 version to make it more us...