How to process the authentication response received from Google OpenID Connect service after sending an authentication request?

After Google OpenID Connect service receives an authentication request from the end user's Web browser, it will process the request and redirect the Web browser to the "redirect_uri" with the authentication response.

This invoke your server side script located at the "redirect_uri". In order for your script to process the authentication response, you need to have a good understanding of the authentication response.

Here is an example of Google OpenID Connect authentication response, returned with "response_type=id_token" in your authentication request, by using a Web browser redirect response:

Status Code: 302 

location: http://dev.fyicenter.com/openID_receiver.php \
   #state=7654321 \
   &id_token=ey4MjZkZDFkYzE5mN... \
   &authuser=1 \
   &session_state=c80391c7772... \
   &prompt=none

The "id_token" value is actually a RFC 7519 - JWT (JSON Web Token) string.

Note that Google OpenID Connect returns parameters as a URL "anchor" using the "#" identifier, instead of a URL query string using the "?" identifier. This will cause problem for your server side scritp, openID_receiver.php, when the browser directs the user to this URL, it will remove the "anchor" part of the URL.openID_receiver.php will get no parameters.

It looks like the Google OpenID Connect Implicit flow is intended for application with JavaScript code running in the browser to fire the authentication request with "response_type=id_token" in an AJAX call, and receive/decode the id_token in the browser.

If you really want to pass the id_token to the server side, you make another AJAX call to send the id_token to the server script, openID_receiver.php.

 

⇒ Google OpenID Authentication Request Test

⇐ Process Google OpenID Connect Authentication Request

⇑ Google OpenID Connect Integration

⇑⇑ OpenID Tutorials