DataFlex
DataFlex
Validate a Google ID Token
See more OAuth2 Examples
Demonstrates how to verify the signature of a Google id token.Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoHttp
String sJwkStr
Handle hoJson
Handle hoJsonToken
Handle hoSbIdToken
String sSig_b64Url
String sHeaderPlusPayload
Handle hoRsa
Variant vJsonKey
Handle hoJsonKey
Variant vPubKey
Handle hoPubKey
Integer iNumKeys
Integer i
Boolean iBVerified
String sTemp1
Boolean bTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
Get Create (RefClass(cComChilkatHttp)) To hoHttp
If (Not(IsComObjectCreated(hoHttp))) Begin
Send CreateComObject of hoHttp
End
// First get the public key we'll be needing..
Get ComQuickGetStr Of hoHttp "https://www.googleapis.com/oauth2/v3/certs" To sJwkStr
Get ComLastMethodSuccess Of hoHttp To bTemp1
If (bTemp1 = False) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
// We have the following:
// {
// "keys": [
// {
// "kid": "e8732db06287515556213b80acbcfd08cfb302a9",
// "n": "4RIrO30287Wsq3gqXCMkUYMVAeI3H8...w2mbMNEBQ",
// "kty": "RSA",
// "e": "AQAB",
// "alg": "RS256",
// "use": "sig"
// },
// {
// "kid": "8462a71da4f6d611fc0fecf0fc4ba9c37d65e6cd",
// "e": "AQAB",
// "n": "xT_ngLZNmT5GBtJZeTB...Ft4gK0eoFi0d3l8bcw",
// "alg": "RS256",
// "use": "sig",
// "kty": "RSA"
// }
// ]
// }
Get Create (RefClass(cComChilkatJsonObject)) To hoJson
If (Not(IsComObjectCreated(hoJson))) Begin
Send CreateComObject of hoJson
End
Get ComLoad Of hoJson sJwkStr To iSuccess
// -------------------------------------------------
// Load the following..
// {
// "access_token": "ya29.a0...0f",
// "expires_in": 3599,
// "scope": "openid https://www.googleapis.com/auth/userinfo.email",
// "token_type": "Bearer",
// "id_token": "eyJhb...o5nQ"
// }
Get Create (RefClass(cComChilkatJsonObject)) To hoJsonToken
If (Not(IsComObjectCreated(hoJsonToken))) Begin
Send CreateComObject of hoJsonToken
End
Get ComLoadFile Of hoJsonToken "qa_data/tokens/google_sample_id_token.json" To iSuccess
If (iSuccess = False) Begin
Showln "Failed to load the JSON file..."
Procedure_Return
End
// Get the id_token;
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbIdToken
If (Not(IsComObjectCreated(hoSbIdToken))) Begin
Send CreateComObject of hoSbIdToken
End
Get ComStringOf Of hoJsonToken "id_token" To sTemp1
Get ComAppend Of hoSbIdToken sTemp1 To iSuccess
// Get the signature in base64url format.
// The header + payload remains in sbIdToken.
Get ComGetAfterFinal Of hoSbIdToken "." True To sSig_b64Url
Get ComGetAsString Of hoSbIdToken To sHeaderPlusPayload
Showln sSig_b64Url
Showln sHeaderPlusPayload
// ---------------------------------------------
// Try validating with each cert's public key.
// Hopefully one will be the key that verifies.
Get Create (RefClass(cComChilkatRsa)) To hoRsa
If (Not(IsComObjectCreated(hoRsa))) Begin
Send CreateComObject of hoRsa
End
Set ComEncodingMode Of hoRsa To "base64url"
Get Create (RefClass(cComChilkatJsonObject)) To hoJsonKey
If (Not(IsComObjectCreated(hoJsonKey))) Begin
Send CreateComObject of hoJsonKey
End
Get Create (RefClass(cComChilkatPublicKey)) To hoPubKey
If (Not(IsComObjectCreated(hoPubKey))) Begin
Send CreateComObject of hoPubKey
End
Get ComSizeOfArray Of hoJson "keys" To iNumKeys
Move 0 To i
While (i < iNumKeys)
Set ComI Of hoJson To i
Get pvComObject of hoJsonKey to vJsonKey
Get ComObjectOf2 Of hoJson "keys[i]" vJsonKey To iSuccess
Get ComEmit Of hoJsonKey To sTemp1
Get ComLoadFromString Of hoPubKey sTemp1 To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPubKey To sTemp1
Showln sTemp1
Procedure_Return
End
Showln i
Get ComGetPem Of hoPubKey True To sTemp1
Showln sTemp1
Get pvComObject of hoPubKey to vPubKey
Get ComUsePublicKey Of hoRsa vPubKey To iSuccess
Get ComVerifyStringENC Of hoRsa sHeaderPlusPayload "sha256" sSig_b64Url To iBVerified
Showln "bVerified = " iBVerified
Move (i + 1) To i
Loop
// The output is:
// 0
// -----BEGIN RSA PUBLIC KEY-----
// MIIBCgKCAQEA4RIrO30287Wsq3gqXCMkUYMVAeI3H8LVE6IXR1krdFeGnZLiGUPw
// cbkeVpXf3lmJdsStOg+jijces2DZCfPyIBiQuLYfxxmAZE6ErJ0QJFg1stwli2Pz
// 9ncYhFoqi8pXr7kEzEJBTzX4thuw56ydbGsshSEznPXoerCJOc7UI2+n0wFCWQ4Y
// LHbh/PrWt4vdadyUUUW/QpQHXQLdD8q/Qwqdj0O9zlJE7R6Elw2E9EqnHyIGu1hm
// LxhqrTru1M18SUhONYbVskV/BCEdVKs//X96849HorWQDCAgVMWfGsdMVq55FAdJ
// 680N5UmQDRynIZ4+PeNGN4S9iw2mbMNEBQIDAQAB
// -----END RSA PUBLIC KEY-----
//
// bVerified = True
// 1
// -----BEGIN RSA PUBLIC KEY-----
// MIIBCgKCAQEAxT/ngLZNmT5GBdkLtJZjNeTB+8B5yWgrq/e5eMZ1hrZhcmLK+dSn
// IkpOPV8/OekV67EnQ7I4II2rcNJnHGrGKZziXO3XN2gtUHE+mBJC99oULSbX/QwB
// Kz7gC/IBPq9EuxTt6Oq6fPkVQ9DbRIgWJSEGBF/KRaNl3kyAlIZfpY7XgHyJTTv8
// E7yAcYKPR+36gzdl+ps0sDLKzUuAtZNq8llK0u80z6AtAUIYwWdkEhM9upy6keKI
// TasIxcsO7M6kZPINUSbh6t5VAm8FuqRmxpgg+9c9/GQSGd89InVypoVzWLQ+wOGg
// 5G4H6JqIgtj0TRFt4gK0eoFi2U0d3l8bcwIDAQAB
// -----END RSA PUBLIC KEY-----
//
// bVerified = False
End_Procedure