Tools, FAQ, Tutorials:
Validate Google OpenID Connect id_token Signature
How to validate the id_token signature received from Google OpenID Connect authentication response?
✍: FYIcenter.com
You can try to validate the "id_token" signature with your own code logic in these steps:
1. Take out the "kid" value from "Header" component of the "id_token". This will be used to identify the public key Google OpenID Connect service used to sign the "id_token". The "kid" value is replacing the "x5t" value. So stop using the "x5t" value.
Header = Header = { "alg": "RS256", "kid": "08d3245c62f86b6362afcbbffe1d069826dd1dc1", "typ": "JWT" }
2. Get certificates of all Google public keys from https://www.googleapis.com/oauth2/v1/certs. This URL is included in the metadata document in your application registration.
{ "b15a2b8f7a6b3f6bc08bc1c56a88410e146d01fd": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIM7dsQ7..." "08d3245c62f86b6362afcbbffe1d069826dd1dc1": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIGGqu9B..." }
3. Find the certificate of the public key that matches the "kid" value from the id_token.
4. Validate the "Signature" component of the "id_token" with this public key certificate.
⇒ Google OpenID Connect Access Token Request
⇐ Validate Google OpenID Connect id_token
2019-02-05, 1423🔥, 0💬
Popular Posts:
How To Submit Values without Using a Form in PHP? If you know the values you want to submit, you can...
How to read RSS validation errors at w3.org? If your RSS feed has errors, the RSS validator at w3.or...
How to login to the Developer Portal internally by you as the publisher? Normally, the Developer Por...
What Happens If One Row Has Missing Columns? What happens if one row has missing columns? Most brows...
How to access URL template parameters from "context.Request.Matched Parameters"object in Azure API P...