-
Notifications
You must be signed in to change notification settings - Fork 0
JSON Web Tokens (JWT) validation
Nate River edited this page Aug 6, 2023
·
10 revisions
Google returns id_token as a part of token response.
Note: This property is only returned if your request included an identity scope, such as openid, profile, or email. The value is a JSON Web Token (JWT) that contains digitally signed identity information about the user.
You can use JWT class from my asset to parse JWT and validate its' signature. If you have ASP.NET backend, move this class to it.
If you need to send nonce with token request, refer to state (my asset generates random GUIDs for state).
- Response format: https://developers.google.com/identity/protocols/oauth2/native-app#handlingresponse
- JWT validation: https://developers.google.com/identity/openid-connect/openid-connect#validatinganidtoken
- Public keys for signature validation: https://www.googleapis.com/oauth2/v3/certs
- JWT debugger: https://jwt.io/