Stack Overflow
Stack Overflow

Questions tagged [google-openidconnect]

28 questions
8
votes
1 answer

Using openid-connect for authentication spa and rest api

I have an API Server (Resource server) and multiple apps, Web GUI (SPA) and a Desktop client and maybe more coming. I'd like to use openid-connect besides http basic authentication for my API Server. It should be configurable which openid provider…
raffis
  • 546
  • 1
  • 5
  • 18
8
votes
0 answers

Why doesn't "prompt: 'none'" work well in Google SignIn?

I wrote some codes to build web app using Google SignIn. First, initiallize API platform, gAuth = gapi.auth2.init( { client_id: gAuthClientId, fetch_basic_profile: false, scope: gAuthScope } ); and make user to sign in. gAuth.signIn({ …
nandenjin
  • 91
  • 4
5
votes
1 answer

UseOpenIdConnectAuthentication - Unable to unprotect the message.State Error Message

I am trying to add Google and Azure Active Directory authorities as OpenIdConnect options in my application. If i add each of them separately, it works fine. But if i add them both i get the following error message: Unable to unprotect the…
alessalessio
  • 1,224
  • 1
  • 15
  • 28
4
votes
2 answers

Can I get a consistent 'iss' value for a Google OpenIDConnect id_token?

I'm using Google's OpenIDConnect authentication, and I want to validate the JWT id_token returned from Google. However, the documentation seems inconsistent about what value Google returns for the iss (issuer) claim in the ID token. One page says,…
bjmc
  • 2,970
  • 2
  • 32
  • 46
3
votes
1 answer

Will the openid scope "https://www.googleapis.com/auth/plus.me" be affected by the Google+ shutdown?

I would like to know if the following scope URI would be affected by the Google+ shutdown or not. https://www.googleapis.com/auth/plus.me This scope is named "openid" in the "OAuth consent screen" tab of Google API Console and has "plus.me" in the…
ryo.fastriver
  • 39
  • 6
3
votes
1 answer

User list for mod-auth-openidc

I have set-up openidc for apache2 on Ubuntu 14.04 LTS from the read me. Everything is running smoothly (I think) EXCEPT I can't find any documentation for how to configure an allowed user (white) list. I have a very small stable user list so I would…
Alex Mena
  • 43
  • 3
2
votes
0 answers

GoogleIdTokenVerifier.verify always returns null

I am trying to validate a JWT Token sent by Google to my application . I am using the below code to validate the JWT token but verifier.verify(token) always returns null even if the token is valid. I have tested the token in another NodeJS code i…
vignesh d
  • 235
  • 3
  • 6
  • 15
2
votes
1 answer

Are Google OpenID Connect error responses conformant?

I'm integrating to Google OpenID Connect as a relying party, using the authorization code flow. If I send in an invalid parameter in the AuthenticationRequest, e.g. an invalid value for scope, Google presents the error in a web page saying e.g.…
Magnus Hoflin
  • 73
  • 4
2
votes
1 answer

What is the purpose of the --oidc-client-id parameter when setting Kubernetes up to use OpenID Connect?

The Kubernetes documentation related to OpenID Connect mentions that as part of setting things up you need to supply some parameters to the API server: --oidc-client-id: A client id that all tokens must be issued for. There is no other explanation…
Laird Nelson
  • 15,321
  • 19
  • 73
  • 127
2
votes
1 answer

Why is Google's OpenId Connect API not sending back all claims?

Google's OpenId Connect discovery document shows that the supported Claims are: "claims_supported": [ "aud", "email", "email_verified", "exp", "family_name", "given_name", "iat", "iss", "locale", "name", "picture", …
Rob L
  • 3,073
  • 6
  • 31
  • 61
2
votes
1 answer

Retrieve user groups in google for work

I'm building a backoffice aplication and want to leverage our companies Google for Work directory for authentication. Is there a way to retrieve the groups a user belongs to within the organization? Maybe to get them in the claims when…
evilpilaf
  • 1,991
  • 2
  • 21
  • 38
1
vote
0 answers

Google openid connect - How to create an access-token with specific custom and scopes

I am creating a web application, I am enabled the login with google openid connect and it is working. Now I want to protect the resources (rest api) with the access_token but I am not finding how to pass a custom audience (https://api.myapp.com) and…
Arsenio Aguirre
  • 163
  • 1
  • 1
  • 13
1
vote
2 answers

No email or email_verified claim in Google ID token

Our app allows users to sign in with Google account and uses Google API client library for ID token validation. According to the Google doc, email claim is supposed to be contained in the ID token payload when the scope includes the email scope…
manh
  • 11
  • 1
1
vote
0 answers

Flask JWT Extension throws exception when validating a Google JWT token

I have a SPA application. Each client request contains an Authorization: Bearer retrieved from google https://developers.google.com/identity/protocols/OpenIDConnect (google creates the JWT token) When authenticating endpoints (graphQL…
Vicens Fayos
  • 740
  • 1
  • 5
  • 18
1
vote
2 answers

OpenID Connect: inconsistent refresh token behaviour between different Identity Providers

I'm implementing a Service Provider and currently observing inconsistent behaviour by different Identity Providers, regarding getting refresh tokens. I'm going to attach my Service Provider golang code in the bottom, in case it might help someone or…
Alechko
  • 1,406
  • 1
  • 13
  • 27
1
2