Migrating from Google OpenID to the new OAuth 2

I see that there are some questions about this already, but none of them have found any details.

I already used my own code from DotNetOpenAuth, but now I decided to switch to Microsoft Wrapper for authentication. Anyway, I found this a really good OAuth Client:

https://github.com/mj1856/DotNetOpenAuth.GoogleOAuth2

It seems to be working fine, but now it comes to the migration part. In my current login system, I save the full OpenID URL that Google returns, in the form:

https://www.google.com/accounts/o8/id?id= ????????????????????????????????? ????

According to the documentation here https://developers.google.com/accounts/docs/OpenID I have to somehow get this value using the new OAuth system.

I included the parameter "openid.realm" in the Auth request.

    return BuildUri(AuthorizationEndpoint, new NameValueCollection
        {
            { "response_type", "code" },
            { "client_id", _clientId },
            { "scope", string.Join(" ", scopes) },
            { "redirect_uri", returnUrl.GetLeftPart(UriPartial.Path) },
            { "state", state },
            { "openid.realm", "http://myoldopenidrealm" }
        });

As far as I understand the documentation, that should be all that I need to do. I made sure that the realm that I used for my OpenID 2 authentication is the same, and it also matches my return URL.

After I have done this, I execute this token, and as I understand it, here I should see the "open_id" field, but I can’t figure out how to get it.

    protected override string QueryAccessToken(Uri returnUrl, string authorizationCode) {
        var postData = HttpUtility.ParseQueryString(string.Empty);
        postData.Add(new NameValueCollection
            {
                { "grant_type", "authorization_code" },
                { "code", authorizationCode },
                { "client_id", _clientId },
                { "client_secret", _clientSecret },
                { "redirect_uri", returnUrl.GetLeftPart(UriPartial.Path) },
            });

        var webRequest = (HttpWebRequest)WebRequest.Create(TokenEndpoint);

        webRequest.Method = "POST";
        webRequest.ContentType = "application/x-www-form-urlencoded";

        using (var s = webRequest.GetRequestStream())
        using (var sw = new StreamWriter(s))
            sw.Write(postData.ToString());

        using (var webResponse = webRequest.GetResponse()) {
            var responseStream = webResponse.GetResponseStream();
            if (responseStream == null)
                return null;

            using (var reader = new StreamReader(responseStream)) {
                var response = reader.ReadToEnd();
                var json = JObject.Parse(response);
                var accessToken = json.Value<string>("access_token");
                return accessToken;
            }
        }
    }

This is what the documentation says, and I see neither the "sub" field nor the "openid_id".

* (access_token ..), openid_id OpenID Connect. , , - openid_id sub: *

+4
1

sub openid_id OpenID Connect , .

( , ), , , OpenID Connect ( id_token response_type, ).

, !

-

, ID

(, oauthplayground - OAuth2/OpenID Connect)

http-/. , API Google

    {
        "access_token": "ya29.XYZ",
        "token_type": "",
        "expires_in": 3600,
        "refresh_token": "1/KgXYZ",
        "id_token": "my.id.token"
    }

base 64 ID ( "id" ) . 64 - (, https://www.base64decode.org/).

+2
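Reading `openid_id` and `sub` out of a token response like the one above comes down to decoding the payload segment of the `id_token` locally. The following is an added example, not code from the original posts or from the DotNetOpenAuth.GoogleOAuth2 project; the class `IdTokenClaims`, its methods and the sample token are constructed for illustration, and it assumes Newtonsoft.Json as used in the question.

```csharp
using System;
using System.Text;
using Newtonsoft.Json.Linq;

public static class IdTokenClaims // hypothetical helper, not part of the library
{
    // base64url (RFC 7515) to bytes: restore '+', '/' and the stripped '=' padding.
    private static byte[] Base64UrlDecode(string segment)
    {
        var s = segment.Replace('-', '+').Replace('_', '/');
        switch (s.Length % 4)
        {
            case 2: s += "=="; break;
            case 3: s += "="; break;
            case 1: throw new FormatException("Invalid base64url length.");
        }
        return Convert.FromBase64String(s);
    }

    // Decodes the claims of the id_token in a token response. This does not verify the
    // signature; assumption: the response was read directly from the token endpoint over TLS.
    public static JObject ReadClaims(string tokenResponseJson)
    {
        var json = JObject.Parse(tokenResponseJson);
        var idToken = json.Value<string>("id_token");
        if (string.IsNullOrEmpty(idToken))
            throw new InvalidOperationException("Token response has no id_token.");
        var parts = idToken.Split('.');
        if (parts.Length != 3)
            throw new FormatException("id_token is not a three-part JWT.");
        return JObject.Parse(Encoding.UTF8.GetString(Base64UrlDecode(parts[1])));
    }

    public static void Main()
    {
        // Constructed sample: header "e30" is "{}", the signature segment is a dummy.
        var payload = "{\"sub\":\"1234567890\",\"openid_id\":\"https://www.google.com/accounts/o8/id?id=EXAMPLE\"}";
        var b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(payload))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var response = "{\"access_token\":\"ya29.XYZ\",\"id_token\":\"e30." + b64 + ".sig\"}";
        var claims = ReadClaims(response);
        // Assumed migration step: match openid_id to the stored OpenID URL, then key the account on sub.
        Console.WriteLine(claims.Value<string>("openid_id"));
        Console.WriteLine(claims.Value<string>("sub"));
    }
}
```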

Source: https://habr.com/ru/post/1532308/

