I have an android app with Google sign-in. As per the documentation, I generated a token ID:
// Configure Google Sign-In with the requestIdToken
GoogleSignInOptions googleSignInOptions = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.server_client_id))
.requestEmail()
.build();
// Handle result
private void handleSignInResult(GoogleSignInResult result) {
if (result.isSuccess()) {
GoogleSignInAccount account = result.getSignInAccount();
String tokenId = account.getIdToken();
}
}
I'm facing the problem on the server side, with Ruby on Rails. I'm trying to use google-id-token gem. The README gives the following example:
validator = GoogleIDToken::Validator.new(expiry: 1800)
begin
payload = validator.check(token, required_audience, required_client_id)
email = payload['email']
rescue GoogleIDToken::ValidationError => e
report "Cannot validate: #{e}"
end
I have the token
(from the android java code). What is required_audience
? Should I use the same client_id
of my client app? When I try to run the code on server, I'm getting payload as nil
.
Also, I would like to know if this is the right way to verify the token ID.
After some research, I found answers to my own questions. Here are they:
What is required_audience?
It can be obtained from decoded JWT string. You can decode it as follows:
JWT.decode(token, nil, false)
Should I use the same client_id of my client app?
Yes. The required_audience
and required_client_id
should be same. Otherwise, verification fails
Then why was I getting payload as nil
?
The problem is, the gem in GitHub and the one in RubyGems are different. I solved this problem by pointing Gemfile gem to GitHub:
gem 'google-id-token', git: 'https://github.com/google/google-id-token.git'
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With