Tools, FAQ, Tutorials:
Validate Google OpenID Connect id_token Signature
How to validate the id_token signature received from Google OpenID Connect authentication response?
✍: FYIcenter.com
You can try to validate the "id_token" signature with your own code logic in these steps:
1. Take out the "kid" value from "Header" component of the "id_token". This will be used to identify the public key Google OpenID Connect service used to sign the "id_token". The "kid" value is replacing the "x5t" value. So stop using the "x5t" value.
Header = Header = { "alg": "RS256", "kid": "08d3245c62f86b6362afcbbffe1d069826dd1dc1", "typ": "JWT" }
2. Get certificates of all Google public keys from https://www.googleapis.com/oauth2/v1/certs. This URL is included in the metadata document in your application registration.
{ "b15a2b8f7a6b3f6bc08bc1c56a88410e146d01fd": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIM7dsQ7..." "08d3245c62f86b6362afcbbffe1d069826dd1dc1": "-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIIGGqu9B..." }
3. Find the certificate of the public key that matches the "kid" value from the id_token.
4. Validate the "Signature" component of the "id_token" with this public key certificate.
⇒ Google OpenID Connect Access Token Request
⇐ Validate Google OpenID Connect id_token
2019-02-05, 1551🔥, 0💬
Popular Posts:
How to start Docker Daemon, "dockerd", on CentOS systems? If you have installed Docker on your CentO...
How to make application release build with Visual Studio 2017? If you want to make a final release b...
How To Access a Global Variable inside a Function? in PHP? By default, global variables are not acce...
How to use "json-to-xml" Azure API Policy Statement? The "json-to-xml" Policy Statement allows you t...
How To Protect Special Characters in Query String in PHP? If you want to include special characters ...