Can I use jwcrypto to validate a Google generated OAuth2 id_token?

Building on the work in this question: What is the proper way to validate google granted OAuth tokens in a node.js server?

Can I use the jwcrypto library to validate a Google OAuth2 token in a node.js server? I have the 857 byte token given by Google, which validates using Google's web endpoint at https://www.googleapis.com/oauth2/v1/tokeninfo?id_token=. In theory I can use the token plus Google's certs available here. They look like this:

{
859c1234d08e008cc261ff11de5f8da1b8c4d490: "-----BEGIN CERTIFICATE----- <stuff> -----END CERTIFICATE----- ",
ad2a50cb70c5da789ee26d05b8f621a99e81202e: "-----BEGIN CERTIFICATE----- <stuff> -----END CERTIFICATE----- "
}

So far I've been unable to even load the keys into jwcrypto using the loadPublicKey method. Presumably once I get this working I can call the verify method. Are there any working examples of this online?

Answers


I've just added a new npm module that decodes and validates Google's id_token. You can find the code here: https://github.com/gmelika/google-id-token

Usage is fairly straightforward:

var googleIdToken = require('google-id-token');
var parser = new googleIdToken({ getKeys: getGoogleCerts });
parser.decode(sampleGoogleIDToken, function(err, token) {
    if(err) {
        console.log("error while parsing the google token: " + err);
    } else {
        console.log("parsed id_token is:\n" + JSON.stringify(token));
    }
});

The getGoogleCerts function referenced above is a user-supplied function that would return the appropriate Google certificate based on the supplied key. A very basic example of this is:

var request = require('request');
// Fetch Google's signing certificates and pass back the one matching `kid`.
function getGoogleCerts(kid, callback) {
    request({uri: 'https://www.googleapis.com/oauth2/v1/certs'}, function(err, response, body){
        // Fail on a transport error or on any non-200 response
        // (response is undefined when err is set, so test err first).
        if(err || response.statusCode !== 200) {
            err = err || "error while retrieving the google certs";
            console.log(err);
            callback(err, {});
        } else {
            // The body is a JSON object mapping key id -> PEM certificate.
            var keys = JSON.parse(body);
            callback(null, keys[kid]);
        }
    });
}

Obviously you would want to add caching in there. Feel free to use your favorite caching mechanism to do that.

Hope that helps.
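The checks an id_token verifier needs, as an added example that is not part of the original answer or of the google-id-token module: RS256 signature verification with Node's built-in crypto against a kid-indexed key map, then issuer, audience and expiry checks. The function names, `demo-kid`, `demo-client-id` and the sample token are constructed for illustration, and a locally generated public key stands in for a Google certificate.

```javascript
const crypto = require('crypto');

// base64url without padding, as used by JWTs.
const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64').toString('utf8'));

// keysByKid: { kid: PEM } map shaped like the certs document in the question.
// expectedAud: your OAuth client ID. nowSec: current time in seconds.
function verifyIdToken(token, keysByKid, expectedAud, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = decode(parts[0]);
  // Pin the algorithm; never let the token header pick "none" or an HMAC.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  if (!Object.prototype.hasOwnProperty.call(keysByKid, header.kid)) {
    throw new Error('unknown kid');
  }
  const ok = crypto.createVerify('RSA-SHA256')
    .update(parts[0] + '.' + parts[1])
    .verify(keysByKid[header.kid], Buffer.from(parts[2], 'base64'));
  if (!ok) throw new Error('bad signature');
  // Claims are trusted only after the signature check has passed.
  const claims = decode(parts[1]);
  // Issuer strings as given in Google's OpenID Connect documentation.
  if (!['accounts.google.com', 'https://accounts.google.com'].includes(claims.iss)) {
    throw new Error('wrong issuer');
  }
  if (claims.aud !== expectedAud) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Constructed sample: a locally generated RSA key stands in for a Google cert.
function makeSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keys = { 'demo-kid': publicKey.export({ type: 'spki', format: 'pem' }) };
  const sign = (header, claims) => {
    const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(claims));
    return input + '.' + b64url(crypto.createSign('RSA-SHA256').update(input).sign(privateKey));
  };
  return { keys, sign };
}

const now = Math.floor(Date.now() / 1000);
const demo = makeSample();
const demoToken = demo.sign({ alg: 'RS256', kid: 'demo-kid' },
  { iss: 'accounts.google.com', aud: 'demo-client-id', sub: '12345', exp: now + 600 });
console.log(verifyIdToken(demoToken, demo.keys, 'demo-client-id', now));
```

The PEM passed to `verify` can also be an X.509 certificate such as the entries in the certs document; the `kid` from the token header selects which one to use.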


Not likely to work, we haven't tested this use case and our public key formats in jwcrypto are custom right now, waiting for JWK to be fully standardized.

