Validate Google OpenID Connect id_token Signature
How to validate the id_token signature received from Google OpenID Connect authentication response?
✍: FYIcenter.com
You can validate the "id_token" signature in your own code with these steps:
1. Take the "kid" value from the "Header" component of the "id_token". It identifies the public key that the Google OpenID Connect service used to sign the "id_token". The "kid" value replaces the "x5t" value, so stop using the "x5t" value.
Header = { "alg": "RS256", "kid": "08d3245c62f86b6362afcbbffe1d069826dd1dc1", "typ": "JWT" }
2. Get the certificates of all Google public keys from https://www.googleapis.com/oauth2/v1/certs. This URL is included in the metadata document in your application registration.
{
  "b15a2b8f7a6b3f6bc08bc1c56a88410e146d01fd": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIM7dsQ7...",
  "08d3245c62f86b6362afcbbffe1d069826dd1dc1": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIGGqu9B..."
}
3. Find the certificate of the public key that matches the "kid" value from the id_token.
4. Validate the "Signature" component of the "id_token" with this public key certificate.
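The four steps above as an added Node.js example (not code from the original page). The names verifyIdTokenSignature, makeDemo and demo-kid-1 are hypothetical, and the sample token is signed with a throwaway key generated in the script instead of being fetched from Google, so it runs offline.

```javascript
const { createPublicKey, generateKeyPairSync, sign, verify } = require('node:crypto');

const fromB64url = (s) => Buffer.from(s, 'base64url');
const toB64url = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');

// Steps 1-4: read "kid" from the header, select the matching key, check the signature.
// certsByKid is the parsed JSON from the certs URL: { "<kid>": "<PEM text>" }.
function verifyIdTokenSignature(idToken, certsByKid) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  const [headerB64, payloadB64, sigB64] = parts;
  let header;
  try {
    header = JSON.parse(fromB64url(headerB64).toString('utf8'));
  } catch {
    return { ok: false, reason: 'bad header' };
  }
  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (!header || header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  // Own-property lookup only; an unknown kid is a hard failure, not a fallback.
  const known = typeof header.kid === 'string' &&
    Object.prototype.hasOwnProperty.call(certsByKid, header.kid);
  if (!known) return { ok: false, reason: 'unknown kid' };
  // createPublicKey accepts a PEM X.509 certificate as well as a PEM public key.
  const key = createPublicKey(certsByKid[header.kid]);
  // The signature covers the first two segments exactly as received.
  const signedBytes = Buffer.from(`${headerB64}.${payloadB64}`);
  const ok = verify('RSA-SHA256', signedBytes, key, fromB64url(sigB64));
  return ok ? { ok: true, kid: header.kid } : { ok: false, reason: 'bad signature' };
}

// Constructed sample data: a throwaway RSA key pair stands in for Google's signing
// key, and its PEM public key stands in for the PEM certificate in the certs map.
function makeDemo() {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const head = toB64url({ alg: 'RS256', kid: 'demo-kid-1', typ: 'JWT' });
  const body = toB64url({ iss: 'https://accounts.google.com', sub: 'constructed-user' });
  const sig = sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey)
    .toString('base64url');
  const certs = { 'demo-kid-1': publicKey.export({ type: 'spki', format: 'pem' }) };
  return { token: `${head}.${body}.${sig}`, certs, head, body, sig };
}

const demo = makeDemo();
console.log(verifyIdTokenSignature(demo.token, demo.certs));
```

A valid signature only proves who issued the token; the iss, aud and exp claims still have to be checked before the token is trusted.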
2019-02-05, 1067👍, 0💬