c# - Parsing Google OpenID Callback -
long story short, want id_token google using openid connect standard. want authentication requests native android app in order use mvc application api.
problem is, when set "response_type=id_token" request exchange one-time access code google, responds parameters in url fragment: http://mycallbackuri.com#id_token=<whatever>&refresh_token=<whatever>
as know, fragment stuff doesn't ever touch server. can put javascript middle-man in there, handle request , hash out goodies, post them mvc endpoint.
in case of android requests, however, becomes problem: how supposed preserve original android request when have make new request tokens on server side?
just background, have android app getting access code google , sending web application. web application supposed exchange id_token , set necessary cookies authenticated.
anybody know how can accomplish this? maybe there's different flow need use, or need id_token in app , send along api, verify id_token, , mark request authenticated?
i can post code if think it'll help.
response_type=id_token trigger implicit flow delivers token in url fragment, primarly meant used in-browser clients.
use response_type=code , make sure add scope openid authentication request code in query parameter backend can pickup , subsequently both access_token , id_token in response token endpoint. called openid connect basic client profile, see: https://openid.net/specs/openid-connect-basic-1_0.html#tokenok
Comments
Post a Comment