Tools, FAQ, Tutorials:
Validate Google OpenID Connect id_token Signature
How to validate the id_token signature received from Google OpenID Connect authentication response?
✍: FYIcenter.com
You can try to validate the "id_token" signature with your own code logic in these steps:
1. Take out the "kid" value from "Header" component of the "id_token". This will be used to identify the public key Google OpenID Connect service used to sign the "id_token". The "kid" value is replacing the "x5t" value. So stop using the "x5t" value.
Header = Header = { "alg": "RS256", "kid": "08d3245c62f86b6362afcbbffe1d069826dd1dc1", "typ": "JWT" }
2. Get certificates of all Google public keys from https://www.googleapis.com/oauth2/v1/certs. This URL is included in the metadata document in your application registration.
{ "b15a2b8f7a6b3f6bc08bc1c56a88410e146d01fd": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIM7dsQ7..." "08d3245c62f86b6362afcbbffe1d069826dd1dc1": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIGGqu9B..." }
3. Find the certificate of the public key that matches the "kid" value from the id_token.
4. Validate the "Signature" component of the "id_token" with this public key certificate.
⇒ Google OpenID Connect Access Token Request
⇐ Validate Google OpenID Connect id_token
2019-02-05, 1518🔥, 0💬
Popular Posts:
How to use the urllib.request.Request object to build more complex HTTP request? The urllib.request....
How to search for the first match of a regular expression using re.search()? The re.search() functio...
How to add request URL Template Parameters to my Azure API operation 2017 version to make it more us...
How to include additional claims in Azure AD v2.0 id_tokens? If you want to include additional claim...
How to decode the id_token value received from Google OpenID Connect authentication response? Accord...