Decode Google OpenID Connect id

Decode Google OpenID Connect id_token

Q

How to decode the id_token value received from Google OpenID Connect authentication response?

✍: FYIcenter.com

A

According to the "RFC 7519 - JWT (JSON Web Token)" standard, the "id_token" value received from Google OpenID Connect authentication response should be decoded as below:

Splitting the encoded string into 3 components: Header, Body, and Signature by the dot "." delimiter: headerEncoded.bodyEncoded.signatureEncoded
Get the header in JSON string as headerJSON = base64url_decode(headerEncoded).
Get the body in JSON string as bodyJSON = base64url_decode(bodyEncoded).
Get the signature in JSON string as signatureJSON = base64url_decode(signatureEncoded).

Here is an example of an "id_token" value returned from Google OpenID Connect after Base64URL decoded:

Header =
{ "alg": "RS256",
  "kid": "08d3245c62f86b6362afcbbffe1d069826dd1dc1",
  "typ": "JWT"
}

Body =
{ "iss":"accounts.google.com",
  "at_hash":"HK6E_P6Dh8Y93mRNtsDB1Q",
  "email_verified":"true",
  "sub":"10769150350006150715113082367",
  "azp":"9150833677096-....apps.googleusercontent.com",
  "email":"jsmith@example.com",
  "aud":"9150833677096-....apps.googleusercontent.com",
  "iat":1353601026,
  "exp":1353604926,
  "nonce": "0394852-3190485-2490358",
  "hd":"example.com" 
}
 
Signature = 
...

Detail description of each field can be found in Google article: "OpenID Connect".

⇒ Validate Google OpenID Connect id_token

⇐ Build Implicit Flow with Google OpenID Connect

⇑ Google OpenID Connect Integration

⇑⇑ OpenID Tutorials

2022-02-04, 3756🔥, 0💬

Validate Google OpenID Connect id_token Signature
How to validate the id_token signature received from Google OpenID Connect authentication response? You can try to validate the "id_token" signature with your own code logic in these steps: 1. Take out the "kid" value from "Header" component of the "id_token". This will be used to identify the publi... 2019-02-05, ∼1886🔥, 0💬

Process Google OpenID Connect Access Token Request
How to the Google OpenID Connect access token Request is process by Google OpenID Connect service? When Google OpenID Connect service receives an access token Request from a Web server, it will: Verify if the "client_id" value in the request is valid. If not, display an error message page to the end... 2019-02-05, ∼1756🔥, 0💬

Google OpenID Connect Access Token Request
What is the Google OpenID Connect Access Token Request? If you want to implement the authentication code flow, also called server flow, to integrate your application with Google OpenID Connect, you need to have a good understanding of the Google OpenID Connect access token request, which is the seco... 2019-02-05, ∼1751🔥, 0💬

Google OpenID Authentication Request Test
How to build a Google OpenID Authentication Request Test page? The Authentication Request is the first call to the Google OpenID Connect service. You can build a simple Web form page to test different behavior of the Authentication Request. Here is an example, Google-OpenID-Authentication-R equest-Te... 2022-04-13, ∼1711🔥, 0💬

Initiate Google OpenID Connect Access Token Request
How to initiate Google OpenID Connect Access Token Request? The Google OpenID Connect Access Token Request should be initiated from your application Web server. This is why the authentication code flow is more secure than the implicit flow, because the "id_token" value will be received by Web server... 2019-02-05, ∼1687🔥, 0💬

Authentication Response Received from Google OpenID Connect
How to process the authentication response received from Google OpenID Connect service after sending an authentication request? After Google OpenID Connect service receives an authentication request from the end user's Web browser, it will process the request and redirect the Web browser to the "red... 2021-03-07, ∼1642🔥, 0💬

Validate Google OpenID Connect id_token
How to validate the id_token value received from Google OpenID Connect authentication response? As you can see from the previous tutorials, you can easily decode the "id_token" value received from Google OpenID Connect authentication response using a simple PHP script. After decoding, you can get al... 2022-02-04, ∼1616🔥, 0💬

Process Google OpenID Connect Authentication Request
How to the Google OpenID Connect Authentication Request is process by Google OpenID Connect service? When Google OpenID Connect service receives a Authentication Request from an end user's Web browser, it will: Verify if the "client_id" value in the request is valid. If not, display an error message... 2021-03-07, ∼1533🔥, 0💬

Capture Google OpenID Connect Authentication Response
How to capture the Google OpenID Connect Authentication Response? If you are use the Google-OpenID-Connect-Test-Pag e.htmltest Web form using "response_type=id_token" to test the implicit flow, you can capture the id_token value with the browser. 1. Run Google-OpenID-Connect-Test-Pag e.htmlin a Web ... 2022-03-29, ∼1501🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.