General - Validate Google OpenID Connect id

Validate Google OpenID Connect id_token Signature

Q

How to validate the id_token signature received from Google OpenID Connect authentication response?

✍: FYIcenter.com

A

You can try to validate the "id_token" signature with your own code logic in these steps:

1. Take out the "kid" value from "Header" component of the "id_token". This will be used to identify the public key Google OpenID Connect service used to sign the "id_token". The "kid" value is replacing the "x5t" value. So stop using the "x5t" value.

Header =
Header =
{ "alg": "RS256",
  "kid": "08d3245c62f86b6362afcbbffe1d069826dd1dc1",
  "typ": "JWT"
}

2. Get certificates of all Google public keys from https://www.googleapis.com/oauth2/v1/certs. This URL is included in the metadata document in your application registration.

{
  "b15a2b8f7a6b3f6bc08bc1c56a88410e146d01fd": 
     "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIM7dsQ7..."
  "08d3245c62f86b6362afcbbffe1d069826dd1dc1": 
     "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIGGqu9B..."
}

3. Find the certificate of the public key that matches the "kid" value from the id_token.

4. Validate the "Signature" component of the "id_token" with this public key certificate.

⇒ Google OpenID Connect Access Token Request

⇐ Validate Google OpenID Connect id_token

⇑ Google OpenID Connect Integration

⇑⇑ OpenID Tutorials

2019-02-05, 171👍, 0💬

EPUB 2.0 Metadata in Calibre Book Library
How to view EPUB 2.0 metadata in Calibre book Library? You can follow this tutorial to view EPUB 2.0 metadata in Calibre book library. 1. Click Row-Your-Boat-2.0.epub to download this sample EPUB 2.0 book. 2. Unzip and open package.opf. You see the following metadata elements: <package xmlns=... 2019-01-12, 872👍, 0💬

Google OpenID Connect Access Token Request
What is the Google OpenID Connect Access Token Request? If you want to implement the authentication code flow, also called server flow, to integrate your application with Google OpenID Connect, you need to have a good understanding of the Google OpenID Connect access token request, which is the seco... 2019-02-05, 174👍, 0💬

Initiate Google OpenID Connect Access Token Request
How to initiate Google OpenID Connect Access Token Request? The Google OpenID Connect Access Token Request should be initiated from your application Web server. This is why the authentication code flow is more secure than the implicit flow, because the "id_token" value will be received by Web server... 2019-02-05, 172👍, 0💬

Validate Google OpenID Connect id_token Signature
How to validate the id_token signature received from Google OpenID Connect authentication response? You can try to validate the "id_token" signature with your own code logic in these steps: 1. Take out the "kid" value from "Header" component of the "id_token". This will be used to identify the publi... 2019-02-05, 172👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.