Initiate Google OpenID Connect Authentication Request

Q

How to initiate Google OpenID Connect Authentication Request?

✍: FYIcenter.com

A

The Google OpenID Connect v1.0 Authentication Request must be initiated from the end user's Web browser, because the Google OpenID Connect service needs to communicate with the Web browser to make sure that the end user is signed on to a Google account and has a valid browser session.

There are a number of options to initiate Google OpenID Connect Authentication Request:

1. Using HTML "form" POST method to let the end user submit the request. All request parameters are coded as hidden form variables. For example:

<p>Please click the button flow to sign-on:</p>
<form method="POST" 
   action="https://accounts.google.com/o/oauth2/v2/auth">
<input type="hidden" name="client_id"
   value="9150833677096-...apps.googleusercontent.com">
...
<input type="Submit" name="Submit" value="Sign-On"><br/>
</form>

The main risk of this option is that your end user can view HTML source to see your "client_id" value and other request parameters.

2. Using HTML "form" GET method to let the end user submit the request. All request parameters are coded as hidden form variables. For example:

<p>Please click the button flow to sign-on:</p>
<form method="GET" 
   action="https://accounts.google.com/o/oauth2/v2/auth">
<input type="hidden" name="client_id"
   value="9150833677096-...apps.googleusercontent.com">
...
<input type="Submit" name="Submit" value="Sign-On"><br/>
</form>

This option is not as good as the first option, because all parameters show up in the browser's Web address area for a short period of time before Google OpenID Connect service redirects the browser to the sign-on page or your application page.

Note that all parameters may stay in the browser's Web address area for a long time if there is any issue with your authentication request.

3. Use a server side script to return a HTTP 302 redirect response. All request parameters are coded as the query string of the redirect URL. For example:

In the HTML document: 
<p>Click hereto sign-on</p>

In the service side script, Azure-AD-Redirect.php:
$url = "https://accounts.google.com/o/oauth2/v2/auth".
   "?client_id=9150833677096-...apps.googleusercontent.com".
   "&...";
header("Location: $url");

When the Web receives the HTTP 302 redirect response, it will automatically call the URL given in the "Location" response header.

This option is does not leave your client_id value in the HTML source code. But all parameters show up in the browser's Web address area for a short period of time before Google OpenID Connect redirects the browser the sign-on page or your application page.

Note that all parameters may stay in the browser's Web address area for a long time if there is any issue with your authentication request.

Compare to other options, option 3 might be the best option.

⇒ Process Google OpenID Connect Authentication Request

⇐ Google OpenID Connect Authentication Request

⇑ Google OpenID Connect Integration

⇑⇑ OpenID Tutorials

2021-03-07, 1506🔥, 0💬

Google OpenID Authentication Request Test
How to build a Google OpenID Authentication Request Test page? The Authentication Request is the first call to the Google OpenID Connect service. You can build a simple Web form page to test different behavior of the Authentication Request. Here is an example, Google-OpenID-Authentication-R equest-Te... 2022-04-13, ∼1695🔥, 0💬

Authentication Response Received from Google OpenID Connect
How to process the authentication response received from Google OpenID Connect service after sending an authentication request? After Google OpenID Connect service receives an authentication request from the end user's Web browser, it will process the request and redirect the Web browser to the "red... 2021-03-07, ∼1622🔥, 0💬

Application Registration for Google OpenID
How to register applications for Google OpenID Connect? Here are steps to register your application in your Google account. 1. Go to https://console.developers.goo gle.com. 2. Click "Credentials" from the left menu. You see a list of client application projects and their client credentials registere... 2021-03-21, ∼1578🔥, 0💬

Requirements for Google OpenID Connect Integration
What are requirements for OpenID Connect Integration? If you want to integrate your application with Google OpenID Connect interface, you need to prepare the following: You need a Google account. A Gmail account is good enough. Register your application as a client application project in your Google... 2021-03-21, ∼1546🔥, 0💬

Process Google OpenID Connect Authentication Request
How to the Google OpenID Connect Authentication Request is process by Google OpenID Connect service? When Google OpenID Connect service receives a Authentication Request from an end user's Web browser, it will: Verify if the "client_id" value in the request is valid. If not, display an error message... 2021-03-07, ∼1520🔥, 0💬

Initiate Google OpenID Connect Authentication Request
How to initiate Google OpenID Connect Authentication Request? The Google OpenID Connect v1.0 Authentication Request must be initiated from the end user's Web browser, because the Google OpenID Connect service needs to communicate with the Web browser to make sure that the end user is signed on to a ... 2021-03-07, ∼1507🔥, 0💬

Capture Google OpenID Connect Authentication Response
How to capture the Google OpenID Connect Authentication Response? If you are use the Google-OpenID-Connect-Test-Pag e.htmltest Web form using "response_type=id_token" to test the implicit flow, you can capture the id_token value with the browser. 1. Run Google-OpenID-Connect-Test-Pag e.htmlin a Web ... 2022-03-29, ∼1486🔥, 0💬

Build Implicit Flow with Google OpenID Connect
How to implement the OpenID Implicit Flow with Google OpenID Connect service? If you want to implement the OpenID Implicit Flow in your Web application to use Google OpenID Connect service, you should follow these steps: 1. Building the Google OpenID Connect Sign-on authentication request: Register ... 2022-02-04, ∼1470🔥, 0💬

Google OpenID Connect Authentication Request
What is the Google OpenID Connect Authentication Request? Before deciding which authentication flow you want to implement in your Web application, you need to have a good understanding of the Google OpenID Connect authentication request, which is the first call you have to make in any authentication... 2021-03-07, ∼1461🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.