Tools, FAQ, Tutorials:
Validate Google OpenID Connect id_token
How to validate the id_token value received from Google OpenID Connect authentication response?
✍: FYIcenter.com
As you can see from the previous tutorials, you can easily decode the "id_token" value received from Google OpenID Connect authentication response using a simple PHP script.
After decoding, you can get all information about the end user from the body component, and trust it without any validation.
But, since the "id_token" is included in the authentication response delivered over the public Internet, you should not trust it and perform a number validation steps:
1. Data structure validation.
2. Data attributes validation.
3. Timestamp attributes validation. This will prevent someone to repost the authentication response to your server script at a later time.
4. "nonce" protection and validation. This will prevent someone to repost the authentication response again immediately.
5. Signature validation. This is to ensure the entire authentication response message has not been modified by someone else. See next tutorial on how to perform "id_token" signature validation.
⇒ Validate Google OpenID Connect id_token Signature
⇐ Decode Google OpenID Connect id_token
2022-02-04, 1222🔥, 0💬
Popular Posts:
Where can I download the EPUB 2.0 sample book "The Metamorphosis" by Franz Kafka? You can following ...
Where to get the detailed description of the JSON.stringify() Function in JavaScript? Here is the de...
How to Instantiate Chaincode on BYFN Channel? You can follow this tutorial to Instantiate Chaincode ...
How to view API details on the Publisher Dashboard of an Azure API Management Service? You can follo...
How To Convert a Character to an ASCII Value? If you want to convert characters to ASCII values, you...