I am looking for a way to validate an ID token for Google sign-in for Android with a Go backend server project.
What is the equivalent function for validating ID tokens by using a Google API Client Library in Go?
From this page, in the "Using a Google API Client Library" section:
https://developers.google.com/identity/sign-in/android/backend-auth#using-a-google-api-client-library
There are Java and Python examples, and there are links for verifying ID tokens with the Google API Client Library for PHP, Node.js, and other languages. I checked for my target language, Go, here:
https://github.com/google/google-api-go-client/blob/master/GettingStarted.md
However, I found no equivalent function for validating the token like in the Java and Python examples. Is there any function in Go for doing such a thing?
I don't want to use the tokeninfo endpoint
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123
since it introduces possible latency and network errors. I wish to use the Google API Client Library. Please guide me on where I should look.
After you receive the ID token by HTTPS POST, you must verify the integrity of the token. To verify that the token is valid, ensure that the following criteria are satisfied: The ID token is properly signed by Google. Use Google's public keys (available in JWK or PEM format) to verify the token's signature.
You can refresh an Identity Platform ID token by issuing an HTTP POST request to the securetoken.googleapis.com endpoint. The refresh token's grant type, always "refresh_token".
The ID token is properly signed by Google. Use Google's public keys (available in JWK or PEM format) to verify the token's signature. These keys are regularly rotated; examine the Cache-Control header in the response to determine when you should retrieve them again. The value of aud in the ID token is equal to one of your app's client IDs.
Google Sign-In for Websites: Authentication with backends If you use Google Sign-In with an app or site that communicates with a backend server, you might need to identify the currently signed-in user on the server. To do so securely, after a user successfully signs in, send the user's ID token to your server using HTTPS.
To support authentication using a Google ID token: Add the following to the security definition in your OpenAPI document: # Optional. Replace YOUR-CLIENT-ID with your client ID Add a security section at either the API level to apply to the entire API, or at the method level to apply to a specific method.
It's very easy and has a one-liner solution. Just use the official library:
go get google.golang.org/api/idtoken
and then write this code:
// Needs imports: "context", "fmt", "google.golang.org/api/idtoken".
// The third argument is the audience (client ID) the token must carry.
payload, err := idtoken.Validate(context.Background(), request.IdToken, "your google client id")
if err != nil {
    panic(err)
}
fmt.Print(payload.Claims)
Then you will get this output:
map[
aud:<Your web application client id>
azp:<Your android application client id>
email:<Authenticated user email>
email_verified:true
exp:<expire at>
family_name:<Authenticated user lastname>
given_name:<Authenticated user firstname>
iat:<issued at>
iss: <accounts.google.com or https://accounts.google.com>
locale:en
name:<Authenticated User fullname>
picture:<Authenticated User Photo URL>
sub: <Google Account ID [Use this to identify a id uniquely]>
]
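As an added example (not part of the original answer or of the idtoken package): the documentation for idtoken.Validate says the returned payload lets the caller validate any additional claims, so the sketch below applies those checks to the `payload.Claims` map printed above. `GoogleUser`, `userFromClaims` and `allowedAzp` are hypothetical names, the claim values are constructed, and it assumes `azp` is present as in the output shown.

```go
package main

import (
	"errors"
	"fmt"
)

// GoogleUser is a hypothetical application-side type, not part of idtoken.
type GoogleUser struct {
	Sub   string // stable Google account ID; use this as the user key
	Email string // populated only when email_verified is true
}

// userFromClaims checks payload.Claims after
// idtoken.Validate(ctx, token, webClientID) has returned without error.
// allowedAzp holds the Android client IDs you issued (assumed parameter).
func userFromClaims(claims map[string]interface{}, allowedAzp map[string]bool) (GoogleUser, error) {
	// Claims come from decoded JSON, so every value needs a type assertion.
	iss, _ := claims["iss"].(string)
	if iss != "accounts.google.com" && iss != "https://accounts.google.com" {
		return GoogleUser{}, fmt.Errorf("unexpected issuer %q", iss)
	}
	if azp, _ := claims["azp"].(string); !allowedAzp[azp] {
		return GoogleUser{}, fmt.Errorf("unexpected authorized party %q", azp)
	}
	sub, _ := claims["sub"].(string)
	if sub == "" {
		return GoogleUser{}, errors.New("missing sub claim")
	}
	u := GoogleUser{Sub: sub}
	// Trust the address only when Google asserts it is verified.
	if verified, _ := claims["email_verified"].(bool); verified {
		u.Email, _ = claims["email"].(string)
	}
	return u, nil
}

func main() {
	// Constructed sample claims, shaped like the output shown above.
	claims := map[string]interface{}{
		"iss": "https://accounts.google.com", "azp": "android-client.example",
		"sub": "1234567890", "email": "user@example.com", "email_verified": true,
	}
	u, err := userFromClaims(claims, map[string]bool{"android-client.example": true})
	fmt.Println(u, err)
}
```

Key accounts on `Sub` rather than `Email`, since the email address of a Google account can change while `sub` does not.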