c# - Parsing Google OpenID Callback -


long story short, want id_token google using openid connect standard. want authentication requests native android app in order use mvc application api.

problem is, when set "response_type=id_token" request exchange one-time access code google, responds parameters in url fragment: http://mycallbackuri.com#id_token=<whatever>&refresh_token=<whatever>

as know, fragment stuff doesn't ever touch server. can put javascript middle-man in there, handle request , hash out goodies, post them mvc endpoint.

in case of android requests, however, becomes problem: how supposed preserve original android request when have make new request tokens on server side?

just background, have android app getting access code google , sending web application. web application supposed exchange id_token , set necessary cookies authenticated.

anybody know how can accomplish this? maybe there's different flow need use, or need id_token in app , send along api, verify id_token, , mark request authenticated?

i can post code if think it'll help.

response_type=id_token trigger implicit flow delivers token in url fragment, primarly meant used in-browser clients.

use response_type=code , make sure add scope openid authentication request code in query parameter backend can pickup , subsequently both access_token , id_token in response token endpoint. called openid connect basic client profile, see: https://openid.net/specs/openid-connect-basic-1_0.html#tokenok


Comments

Popular posts from this blog

shopping cart - Page redirect not working PHP -

php - How to modify a menu to show sub-menus -

python - Installing PyDev in eclipse is failed -