Sample code for 30+ languages & platforms
Visual FoxPro

Validate a Google ID Token

See more OAuth2 Examples

Demonstrates how to verify the signature of a Google id token.

Chilkat Visual FoxPro Downloads

Visual FoxPro
LOCAL lnSuccess
LOCAL loHttp
LOCAL lcJwkStr
LOCAL loJson
LOCAL loJsonToken
LOCAL loSbIdToken
LOCAL lcSig_b64Url
LOCAL lcHeaderPlusPayload
LOCAL loRsa
LOCAL loJsonKey
LOCAL loPubKey
LOCAL lnNumKeys
LOCAL i
LOCAL lnBVerified

lnSuccess = 0

* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

loHttp = CreateObject('Chilkat.Http')

* First get the public key we'll be needing..
lcJwkStr = loHttp.QuickGetStr("https://www.googleapis.com/oauth2/v3/certs")
IF (loHttp.LastMethodSuccess = 0) THEN
    ? loHttp.LastErrorText
    RELEASE loHttp
    CANCEL
ENDIF

* We have the following:

*     {
*       "keys": [
* 	{
* 	  "kid": "e8732db06287515556213b80acbcfd08cfb302a9",
* 	  "n": "4RIrO30287Wsq3gqXCMkUYMVAeI3H8...w2mbMNEBQ",
* 	  "kty": "RSA",
* 	  "e": "AQAB",
* 	  "alg": "RS256",
* 	  "use": "sig"
* 	},
* 	{
* 	  "kid": "8462a71da4f6d611fc0fecf0fc4ba9c37d65e6cd",
* 	  "e": "AQAB",
* 	  "n": "xT_ngLZNmT5GBtJZeTB...Ft4gK0eoFi0d3l8bcw",
* 	  "alg": "RS256",
* 	  "use": "sig",
* 	  "kty": "RSA"
* 	}
*       ]
*     }

loJson = CreateObject('Chilkat.JsonObject')
lnSuccess = loJson.Load(lcJwkStr)

* -------------------------------------------------

* Load the following..

*  {
*   "access_token": "ya29.a0...0f",
*   "expires_in": 3599,
*   "scope": "openid https://www.googleapis.com/auth/userinfo.email",
*   "token_type": "Bearer",
*   "id_token": "eyJhb...o5nQ"
* }

loJsonToken = CreateObject('Chilkat.JsonObject')
lnSuccess = loJsonToken.LoadFile("qa_data/tokens/google_sample_id_token.json")
IF (lnSuccess = 0) THEN
    ? "Failed to load the JSON file..."
    RELEASE loHttp
    RELEASE loJson
    RELEASE loJsonToken
    CANCEL
ENDIF

* Get the id_token;
loSbIdToken = CreateObject('Chilkat.StringBuilder')
lnSuccess = loSbIdToken.Append(loJsonToken.StringOf("id_token"))

* Get the signature in base64url format.
* The header + payload remains in sbIdToken.
lcSig_b64Url = loSbIdToken.GetAfterFinal(".",1)
lcHeaderPlusPayload = loSbIdToken.GetAsString()

? lcSig_b64Url
? lcHeaderPlusPayload

* ---------------------------------------------

* Try validating with each cert's public key.
* Hopefully one will be the key that verifies.

loRsa = CreateObject('Chilkat.Rsa')
loRsa.EncodingMode = "base64url"

loJsonKey = CreateObject('Chilkat.JsonObject')
loPubKey = CreateObject('Chilkat.PublicKey')

lnNumKeys = loJson.SizeOfArray("keys")
i = 0
DO WHILE i < lnNumKeys
    loJson.I = i

    loJson.ObjectOf2("keys[i]",loJsonKey)

    lnSuccess = loPubKey.LoadFromString(loJsonKey.Emit())
    IF (lnSuccess = 0) THEN
        ? loPubKey.LastErrorText
        RELEASE loHttp
        RELEASE loJson
        RELEASE loJsonToken
        RELEASE loSbIdToken
        RELEASE loRsa
        RELEASE loJsonKey
        RELEASE loPubKey
        CANCEL
    ENDIF

    ? STR(i)
    ? loPubKey.GetPem(1)

    lnSuccess = loRsa.UsePublicKey(loPubKey)

    lnBVerified = loRsa.VerifyStringENC(lcHeaderPlusPayload,"sha256",lcSig_b64Url)
    ? "bVerified = " + STR(lnBVerified)

    i = i + 1
ENDDO

* The output is:

* 0
* -----BEGIN RSA PUBLIC KEY-----
* MIIBCgKCAQEA4RIrO30287Wsq3gqXCMkUYMVAeI3H8LVE6IXR1krdFeGnZLiGUPw
* cbkeVpXf3lmJdsStOg+jijces2DZCfPyIBiQuLYfxxmAZE6ErJ0QJFg1stwli2Pz
* 9ncYhFoqi8pXr7kEzEJBTzX4thuw56ydbGsshSEznPXoerCJOc7UI2+n0wFCWQ4Y
* LHbh/PrWt4vdadyUUUW/QpQHXQLdD8q/Qwqdj0O9zlJE7R6Elw2E9EqnHyIGu1hm
* LxhqrTru1M18SUhONYbVskV/BCEdVKs//X96849HorWQDCAgVMWfGsdMVq55FAdJ
* 680N5UmQDRynIZ4+PeNGN4S9iw2mbMNEBQIDAQAB
* -----END RSA PUBLIC KEY-----
* 
* bVerified = True
* 1
* -----BEGIN RSA PUBLIC KEY-----
* MIIBCgKCAQEAxT/ngLZNmT5GBdkLtJZjNeTB+8B5yWgrq/e5eMZ1hrZhcmLK+dSn
* IkpOPV8/OekV67EnQ7I4II2rcNJnHGrGKZziXO3XN2gtUHE+mBJC99oULSbX/QwB
* Kz7gC/IBPq9EuxTt6Oq6fPkVQ9DbRIgWJSEGBF/KRaNl3kyAlIZfpY7XgHyJTTv8
* E7yAcYKPR+36gzdl+ps0sDLKzUuAtZNq8llK0u80z6AtAUIYwWdkEhM9upy6keKI
* TasIxcsO7M6kZPINUSbh6t5VAm8FuqRmxpgg+9c9/GQSGd89InVypoVzWLQ+wOGg
* 5G4H6JqIgtj0TRFt4gK0eoFi2U0d3l8bcwIDAQAB
* -----END RSA PUBLIC KEY-----
* 
* bVerified = False

RELEASE loHttp
RELEASE loJson
RELEASE loJsonToken
RELEASE loSbIdToken
RELEASE loRsa
RELEASE loJsonKey
RELEASE loPubKey