Tools, FAQ, Tutorials:
Validate Google OpenID Connect id_token Signature
How to validate the id_token signature received from Google OpenID Connect authentication response?
✍: FYIcenter.com
You can try to validate the "id_token" signature with your own code logic in these steps:
1. Take out the "kid" value from "Header" component of the "id_token". This will be used to identify the public key Google OpenID Connect service used to sign the "id_token". The "kid" value is replacing the "x5t" value. So stop using the "x5t" value.
Header = Header = { "alg": "RS256", "kid": "08d3245c62f86b6362afcbbffe1d069826dd1dc1", "typ": "JWT" }
2. Get certificates of all Google public keys from https://www.googleapis.com/oauth2/v1/certs. This URL is included in the metadata document in your application registration.
{ "b15a2b8f7a6b3f6bc08bc1c56a88410e146d01fd": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIM7dsQ7..." "08d3245c62f86b6362afcbbffe1d069826dd1dc1": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIGGqu9B..." }
3. Find the certificate of the public key that matches the "kid" value from the id_token.
4. Validate the "Signature" component of the "id_token" with this public key certificate.
⇒ Google OpenID Connect Access Token Request
⇐ Validate Google OpenID Connect id_token
2019-02-05, 1636🔥, 0💬
Popular Posts:
Where to find tutorials on Using Azure API Management Publisher Dashboard? Here is a list of tutoria...
How to Install Docker Desktop on Windows 10? You can follow this tutorial to Install Docker Desktop ...
How to add request query string Parameters to my Azure API operation to make it more user friendly? ...
Where to get a real Atom XML example? You can follow this tutorial to get a real Atom XML example: 1...
How to validate the id_token signature received from Azure AD v2.0 authentication response? You can ...