Tools, FAQ, Tutorials:
Initiate Google OpenID Connect Authentication Request
How to initiate Google OpenID Connect Authentication Request?
✍: FYIcenter.com
The Google OpenID Connect v1.0 Authentication Request must be initiated from
the end user's Web browser, because the Google OpenID Connect service
needs to communicate with the Web browser to make sure that the end user
is signed on to a Google account and has a valid browser session.
There are a number of options to initiate Google OpenID Connect Authentication Request:
1. Using HTML "form" POST method to let the end user submit the request. All request parameters are coded as hidden form variables. For example:
<p>Please click the button flow to sign-on:</p> <form method="POST" action="https://accounts.google.com/o/oauth2/v2/auth"> <input type="hidden" name="client_id" value="9150833677096-...apps.googleusercontent.com"> ... <input type="Submit" name="Submit" value="Sign-On"><br/> </form>
The main risk of this option is that your end user can view HTML source to see your "client_id" value and other request parameters.
2. Using HTML "form" GET method to let the end user submit the request. All request parameters are coded as hidden form variables. For example:
<p>Please click the button flow to sign-on:</p> <form method="GET" action="https://accounts.google.com/o/oauth2/v2/auth"> <input type="hidden" name="client_id" value="9150833677096-...apps.googleusercontent.com"> ... <input type="Submit" name="Submit" value="Sign-On"><br/> </form>
This option is not as good as the first option, because all parameters show up in the browser's Web address area for a short period of time before Google OpenID Connect service redirects the browser to the sign-on page or your application page.
Note that all parameters may stay in the browser's Web address area for a long time if there is any issue with your authentication request.
3. Use a server side script to return a HTTP 302 redirect response. All request parameters are coded as the query string of the redirect URL. For example:
In the HTML document: <p>Click hereto sign-on</p> In the service side script, Azure-AD-Redirect.php: $url = "https://accounts.google.com/o/oauth2/v2/auth". "?client_id=9150833677096-...apps.googleusercontent.com". "&..."; header("Location: $url");
When the Web receives the HTTP 302 redirect response, it will automatically call the URL given in the "Location" response header.
This option is does not leave your client_id value in the HTML source code. But all parameters show up in the browser's Web address area for a short period of time before Google OpenID Connect redirects the browser the sign-on page or your application page.
Note that all parameters may stay in the browser's Web address area for a long time if there is any issue with your authentication request.
Compare to other options, option 3 might be the best option.
⇒ Process Google OpenID Connect Authentication Request
⇐ Google OpenID Connect Authentication Request
2021-03-07, 1506🔥, 0💬
Popular Posts:
Why I am getting "The Windows SDK version 8.1 was not found" error, when building my C++ application...
How to create Hello-3.1.epub with WinRAR? I have all required files to create Hello-3.1.epub. To cre...
Where to get the detailed description of the JSON.stringify() Function in JavaScript? Here is the de...
How to read Atom validation errors at w3.org? If your Atom feed has errors, the Atom validator at w3...
How to use the "set-backend-service" Policy Statement for an Azure API service operation? The "set-b...