Code Fragments
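Here’s a Java class that implements an ID-Token checker using the Google Java libraries. It has the library verify the token, then compares the token’s audience and client ID with the values you expect: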
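import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;

/**
 * Server-side checker for Google ID tokens.
 *
 * <p>A token is accepted only when all three conditions hold: the Google
 * library's verifier accepts it, its audience equals the expected audience,
 * and its client ID is on the allow-list given at construction. Any other
 * outcome yields {@code null} from {@link #check(String)} and a reason from
 * {@link #problem()}.
 *
 * <p>Not thread-safe: the failure reason is kept in an instance field, so a
 * {@code Checker} shared between threads can report another call's reason.
 * The reason may embed library exception messages; log it on the server
 * rather than echoing it to the client.
 */
public class Checker {

    private static final String DEFAULT_PROBLEM = "Verification failed. (Time-out?)";

    private final List<String> mClientIDs;
    private final String mAudience;
    private final GoogleIdTokenVerifier mVerifier;
    private final JsonFactory mJFactory;
    private String mProblem = DEFAULT_PROBLEM;

    /**
     * @param clientIDs client IDs that are allowed to have requested the token
     * @param audience  the audience value the token must carry
     */
    public Checker(String[] clientIDs, String audience) {
        // Copy the array so later changes by the caller cannot alter the allow-list.
        mClientIDs = Arrays.asList(clientIDs.clone());
        mAudience = audience;
        NetHttpTransport transport = new NetHttpTransport();
        mJFactory = new GsonFactory();
        mVerifier = new GoogleIdTokenVerifier(transport, mJFactory);
    }

    /**
     * Verifies an ID token and checks its audience and client ID.
     *
     * @param tokenString the encoded ID token as received from the client (untrusted)
     * @return the token payload when every check passes, otherwise {@code null};
     *         call {@link #problem()} for the reason
     */
    public GoogleIdToken.Payload check(String tokenString) {
        // Start from the default so problem() never reports a reason left over
        // from an earlier call on this instance.
        mProblem = DEFAULT_PROBLEM;
        if (tokenString == null) {
            mProblem = "Malformed token: no token supplied";
            return null;
        }
        try {
            GoogleIdToken token = GoogleIdToken.parse(mJFactory, tokenString);
            if (!mVerifier.verify(token)) {
                return null;
            }
            GoogleIdToken.Payload candidate = token.getPayload();
            Object audience = candidate.getAudience();
            // getIssuee() is the accessor this page's library version offers for the
            // client ID; newer releases name it getAuthorizedParty() - confirm
            // against the dependency version in use.
            String issuee = candidate.getIssuee();
            // Fail closed: a missing claim or a missing expected value is a mismatch.
            if (mAudience == null || !mAudience.equals(audience)) {
                mProblem = "Audience mismatch";
                return null;
            }
            if (issuee == null || !mClientIDs.contains(issuee)) {
                mProblem = "Client ID mismatch";
                return null;
            }
            return candidate;
        } catch (GeneralSecurityException e) {
            mProblem = "Security issue: " + e.getLocalizedMessage();
        } catch (IOException e) {
            mProblem = "Network problem: " + e.getLocalizedMessage();
        } catch (IllegalArgumentException e) {
            // The parser can reject a string that is not a well-formed token with an
            // unchecked exception; treat that as a failed check, not a crash.
            mProblem = "Malformed token: " + e.getLocalizedMessage();
        }
        return null;
    }

    /**
     * @return the reason the most recent {@link #check(String)} call failed, or the
     *         default message if no specific reason was recorded
     */
    public String problem() {
        return mProblem;
    }
}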
If you wanted to do this in Ruby, you’d want to install the google-id-token Ruby gem, and do something like this:
require 'google-id-token'

# Validate a Google ID token on the server before trusting anything in it.
# `token`, `required_audience`, `required_client_id` and `report` come from
# the surrounding application; `token` is untrusted client input.
validator = GoogleIDToken::Validator.new
jwt = validator.check(token, required_audience, required_client_id)

# As used here, check returns the decoded claims on success and a falsy value
# on failure, with the reason available from validator.problem.
# NOTE(review): newer releases of the gem appear to signal failure by raising
# instead - confirm against the installed version.
# Treat the email claim as an identifier only if the token also marks it as
# verified; the `sub` claim is the stable account key.
email = jwt['email'] if jwt
report "Cannot validate: #{validator.problem}" unless jwt