PowerShell
Validate a Google ID Token
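Demonstrates how to verify the signature of a Google ID token. Verifying the signature is only one part of validating the token: the "iss", "aud" and "exp" claims in the payload must also be checked before the token is trusted.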
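# Load the Chilkat .NET assembly that provides the Http, JsonObject,
# StringBuilder, PublicKey and Rsa classes used below.
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"

$success = $false

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

$http = New-Object Chilkat.Http

# Fetch Google's current signing keys (a JWK set). The URL is a fixed HTTPS
# endpoint written into this script; it is not taken from the token being
# checked, so the token cannot steer the verifier towards other keys.
$jwkStr = $http.QuickGetStr("https://www.googleapis.com/oauth2/v3/certs")
if ($http.LastMethodSuccess -eq $false) {
    $($http.LastErrorText)
    # Exit with a non-zero status so that a caller checking the exit status
    # sees that verification did not complete.
    exit 1
}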
# We have the following:
# {
# "keys": [
# {
# "kid": "e8732db06287515556213b80acbcfd08cfb302a9",
# "n": "4RIrO30287Wsq3gqXCMkUYMVAeI3H8...w2mbMNEBQ",
# "kty": "RSA",
# "e": "AQAB",
# "alg": "RS256",
# "use": "sig"
# },
# {
# "kid": "8462a71da4f6d611fc0fecf0fc4ba9c37d65e6cd",
# "e": "AQAB",
# "n": "xT_ngLZNmT5GBtJZeTB...Ft4gK0eoFi0d3l8bcw",
# "alg": "RS256",
# "use": "sig",
# "kty": "RSA"
# }
# ]
# }
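# Parse the JWK set. Stop if the response is not valid JSON: carrying on with
# an unparsed key set would leave no keys to verify the token against.
$json = New-Object Chilkat.JsonObject
$success = $json.Load($jwkStr)
if ($success -eq $false) {
    $($json.LastErrorText)
    exit 1
}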
# -------------------------------------------------
# Load the following..
# {
# "access_token": "ya29.a0...0f",
# "expires_in": 3599,
# "scope": "openid https://www.googleapis.com/auth/userinfo.email",
# "token_type": "Bearer",
# "id_token": "eyJhb...o5nQ"
# }
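$jsonToken = New-Object Chilkat.JsonObject
$success = $jsonToken.LoadFile("qa_data/tokens/google_sample_id_token.json")
if ($success -eq $false) {
    $("Failed to load the JSON file...")
    # Non-zero status so a caller can tell the check did not complete.
    exit 1
}

# Get the id_token. Stop if the member is missing or empty rather than going
# on to "verify" an empty string.
$idToken = $jsonToken.StringOf("id_token")
if (($jsonToken.LastMethodSuccess -eq $false) -or [string]::IsNullOrEmpty($idToken)) {
    $("The token response has no id_token member.")
    exit 1
}
$sbIdToken = New-Object Chilkat.StringBuilder
$success = $sbIdToken.Append($idToken)

# Get the signature in base64url format.
# The header + payload remains in sbIdToken.
$sig_b64Url = $sbIdToken.GetAfterFinal(".",$true)
$headerPlusPayload = $sbIdToken.GetAsString()

# A compact JWS is header.payload.signature: after the signature is split off,
# the signed part must be exactly two non-empty segments. Reject anything else
# before it reaches the signature check.
$signedParts = @("$headerPlusPayload".Split('.'))
if ([string]::IsNullOrEmpty($sig_b64Url) -or ($signedParts.Count -ne 2) -or
    ($signedParts[0] -eq "") -or ($signedParts[1] -eq "")) {
    $("The id_token is not in header.payload.signature form.")
    exit 1
}

# Demo output only. The payload segment is base64url-encoded, not encrypted,
# and carries the user's claims, so keep these values out of logs in real use.
$($sig_b64Url)
$($headerPlusPayload)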
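# ---------------------------------------------
# Try validating with each key in the JWK set. The token is expected to verify
# with at most one of them. (A verifier can instead pick the key whose "kid"
# matches the "kid" in the token header.)
#
# The hash algorithm is fixed to SHA-256 in the VerifyStringENC call below; it
# is not read from the token header, so the token cannot choose its own
# algorithm.
$rsa = New-Object Chilkat.Rsa
$rsa.EncodingMode = "base64url"

$jsonKey = New-Object Chilkat.JsonObject
$pubKey = New-Object Chilkat.PublicKey

# Set to $true once any published key verifies the signature.
$verified = $false

$numKeys = $json.SizeOfArray("keys")
for ($i = 0; $i -lt $numKeys; $i++) {
    $json.I = $i
    # Capture the return value so that it is checked rather than written to
    # the output.
    $success = $json.ObjectOf2("keys[i]",$jsonKey)
    if ($success -eq $false) {
        $($json.LastErrorText)
        exit 1
    }

    $success = $pubKey.LoadFromString($jsonKey.Emit())
    if ($success -eq $false) {
        $($pubKey.LastErrorText)
        exit 1
    }

    $($i)
    $($pubKey.GetPem($true))

    # Do not verify against a key that failed to load into the Rsa object.
    $success = $rsa.UsePublicKey($pubKey)
    if ($success -eq $false) {
        $($rsa.LastErrorText)
        exit 1
    }

    $bVerified = $rsa.VerifyStringENC($headerPlusPayload,"sha256",$sig_b64Url)
    $("bVerified = " + $bVerified)
    if ($bVerified -eq $true) {
        $verified = $true
    }
}

# Fail closed: if no published key verified the signature, stop with a
# non-zero status instead of falling through as if the token were good.
if ($verified -eq $false) {
    $("The id_token signature did not verify with any of the published keys.")
    exit 1
}

# A verified signature only shows that the token was signed with one of
# Google's keys. Before trusting the token, also check the payload claims:
# "iss" must be accounts.google.com or https://accounts.google.com, "aud" must
# equal this application's own OAuth client ID, and "exp" must not have passed.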
# The output is:
# 0
# -----BEGIN RSA PUBLIC KEY-----
# MIIBCgKCAQEA4RIrO30287Wsq3gqXCMkUYMVAeI3H8LVE6IXR1krdFeGnZLiGUPw
# cbkeVpXf3lmJdsStOg+jijces2DZCfPyIBiQuLYfxxmAZE6ErJ0QJFg1stwli2Pz
# 9ncYhFoqi8pXr7kEzEJBTzX4thuw56ydbGsshSEznPXoerCJOc7UI2+n0wFCWQ4Y
# LHbh/PrWt4vdadyUUUW/QpQHXQLdD8q/Qwqdj0O9zlJE7R6Elw2E9EqnHyIGu1hm
# LxhqrTru1M18SUhONYbVskV/BCEdVKs//X96849HorWQDCAgVMWfGsdMVq55FAdJ
# 680N5UmQDRynIZ4+PeNGN4S9iw2mbMNEBQIDAQAB
# -----END RSA PUBLIC KEY-----
#
# bVerified = True
# 1
# -----BEGIN RSA PUBLIC KEY-----
# MIIBCgKCAQEAxT/ngLZNmT5GBdkLtJZjNeTB+8B5yWgrq/e5eMZ1hrZhcmLK+dSn
# IkpOPV8/OekV67EnQ7I4II2rcNJnHGrGKZziXO3XN2gtUHE+mBJC99oULSbX/QwB
# Kz7gC/IBPq9EuxTt6Oq6fPkVQ9DbRIgWJSEGBF/KRaNl3kyAlIZfpY7XgHyJTTv8
# E7yAcYKPR+36gzdl+ps0sDLKzUuAtZNq8llK0u80z6AtAUIYwWdkEhM9upy6keKI
# TasIxcsO7M6kZPINUSbh6t5VAm8FuqRmxpgg+9c9/GQSGd89InVypoVzWLQ+wOGg
# 5G4H6JqIgtj0TRFt4gK0eoFi2U0d3l8bcwIDAQAB
# -----END RSA PUBLIC KEY-----
#
# bVerified = False