Decode Google OpenID Connect id_token

Q

How to decode the id_token value received from Google OpenID Connect authentication response?

✍: FYIcenter.com

A

According to the "RFC 7519 - JWT (JSON Web Token)" standard, the "id_token" value received from Google OpenID Connect authentication response should be decoded as below:

  • Splitting the encoded string into 3 components: Header, Body, and Signature by the dot "." delimiter: headerEncoded.bodyEncoded.signatureEncoded
  • Get the header in JSON string as headerJSON = base64url_decode(headerEncoded).
  • Get the body in JSON string as bodyJSON = base64url_decode(bodyEncoded).
  • Get the signature in JSON string as signatureJSON = base64url_decode(signatureEncoded).

Here is an example of an "id_token" value returned from Google OpenID Connect after Base64URL decoded:

Header =
{ "alg": "RS256",
  "kid": "08d3245c62f86b6362afcbbffe1d069826dd1dc1",
  "typ": "JWT"
}

Body =
{ "iss":"accounts.google.com",
  "at_hash":"HK6E_P6Dh8Y93mRNtsDB1Q",
  "email_verified":"true",
  "sub":"10769150350006150715113082367",
  "azp":"9150833677096-....apps.googleusercontent.com",
  "email":"jsmith@example.com",
  "aud":"9150833677096-....apps.googleusercontent.com",
  "iat":1353601026,
  "exp":1353604926,
  "nonce": "0394852-3190485-2490358",
  "hd":"example.com" 
}
 
Signature = 
...

Detail description of each field can be found in Google article: "OpenID Connect".

 

Validate Google OpenID Connect id_token

Build Implicit Flow with Google OpenID Connect

Google OpenID Connect Integration

⇑⇑ OpenID Tutorials

2019-02-10, 453👍, 0💬