All geek questions in one place

Google Oauth2 verifyIdToken returns invalid token signature with valid id_token

I am trying to work with google php client Oauth2 api to check id_token. Id_token is provided by a javascript application in which the user enters their google account and I pass this token to my php api server to check it and get the correct information from my bdd.

The javascript login is successful and the access and id_token seem to be correct, but when I try to verify it with Google_Client-> verifyIdToken ()

$client = new Google_Client();
$ticket = $client->verifyIdToken(myToken);

it returns an invalid token signature exception (when trying to use a google certificate to validate a token).

My first guess was to think that the token is invalid, so to do this, I sent it to the google validation URL https://www.googleapis.com/oauth2/v1/tokeninfo?id_token=token

it returns user information, so my token looks valid:

{
issuer: "accounts.google.com",
issued_to: "id",
audience: "id",
user_id: "id",
expires_in: 2149,
issued_at: 1397636222,
email: "mail",
verified_email: true
}

I tried everything that I could think of, but I can not solve this problem. Can anybody help me?

EDIT : I only give it the id_token, which I get when I authenticate my javascript application

access_token: "ya ... Es"
authuser: "1"
client_id: "81 ... .apps.googleusercontent.com"
code: "4/9... gI"
cookie_policy: "single_host_origin"
expires_at: "1397723048"
expires_in: "3600"
g-oauth-window: Window
g_user_cookie_policy: "single_host_origin"
hd: "dmic.fr"
id_token: "ey... d8E" <====================================
issued_at: "1397719448"
num_sessions: "2"
prompt: "none"
response_type: "code token id_token gsession"
scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/plus.me"
session_state: "9 ... 2162..936b"
state: ""
status: Object
token_type: "Bearer"

at some point, I also tried passing the entire access_token to $ client-> setAccessToken () and calling $ client-> verifyIdToken () without parameters (extract id_token from acess_token itself) with the same result.

All the code that I use is already submitted, I also tried setting apikey, client_id, client_secret, with no result

+4
source share
2 answers

, " " oauth2client, API tokeninfo.

, , crypto lib, oauth2client, , pycrypto 2.6 pyopenssl 0.15.1. , PyCrypto?

EDIT: , , PyCrypto. 20 : D

https://github.com/google/oauth2client/issues/201

+1

, verifyIdToken, , , .

code Javascript, , PHP . PHP Client . verifyIdToken . - :

$client = new Google_Client();

// Setup Client Id and secret
...

//Authenticate client with the code posted via javascript
$client->authenticate($code);

// Verify the id token
$verifiedToken = $client->verifyIdToken();

PHP API Google, , , API.

+1

Source: https://habr.com/ru/post/1536745/

More articles:


All Articles