Validate a Google ID Token
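Demonstrates how to verify the signature of a Google ID token. Signature verification is only one step of validating an ID token: the `iss`, `aud` and `exp` claims must also be checked before the token is trusted.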
#include <C_CkHttpW.h>
#include <C_CkJsonObjectW.h>
#include <C_CkStringBuilderW.h>
#include <C_CkRsaW.h>
#include <C_CkPublicKeyW.h>
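// Verifies the RSA signature of a Google ID token against the signing keys
// Google publishes, printing the result obtained with each key.
//
// Steps:
//   1. Download the JWK set from https://www.googleapis.com/oauth2/v3/certs.
//   2. Load a token response from qa_data/tokens/google_sample_id_token.json
//      and take its "id_token" member (a compact JWT: header.payload.signature).
//   3. Split the JWT at its final "." into the signed part and the signature.
//   4. Check the signature (RSA with SHA-256) with every key in the set.
//
// Security notes for anyone adapting this sample:
//   - Only the signature is checked here. A token is not validated until its
//     claims are checked too: "iss" must be Google's issuer, "aud" must be this
//     application's own client ID, and "exp" must not have passed.
//   - The JWT header is never inspected. Production code should pick the key
//     whose "kid" matches the header and require the expected "alg" (RS256 in
//     the key set shown below) instead of trying every key.
//   - The ID token identifies a user, so it is not written to stdout.
//
// Takes no arguments and returns nothing; results and errors go to stdout.
void ChilkatSample(void)
{
    BOOL success;
    HCkHttpW http;
    const wchar_t *jwkStr;
    HCkJsonObjectW json;
    HCkJsonObjectW jsonToken;
    HCkStringBuilderW sbIdToken;
    const wchar_t *idToken;
    const wchar_t *sig_b64Url;
    const wchar_t *headerPlusPayload;
    HCkRsaW rsa;
    HCkJsonObjectW jsonKey;
    HCkPublicKeyW pubKey;
    int numKeys;
    int i;
    BOOL bVerified;
    BOOL anyVerified;

    success = FALSE;
    bVerified = FALSE;
    anyVerified = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Every object is created up front so that all exit paths can share the
    // single cleanup block at the end of the function.
    http = CkHttpW_Create();
    json = CkJsonObjectW_Create();
    jsonToken = CkJsonObjectW_Create();
    sbIdToken = CkStringBuilderW_Create();
    rsa = CkRsaW_Create();
    jsonKey = CkJsonObjectW_Create();
    pubKey = CkPublicKeyW_Create();

    // First get the public keys we'll be needing..
    jwkStr = CkHttpW_quickGetStr(http,L"https://www.googleapis.com/oauth2/v3/certs");
    if (CkHttpW_getLastMethodSuccess(http) == FALSE) {
        wprintf(L"%s\n",CkHttpW_lastErrorText(http));
        goto cleanup;
    }

    // We have the following:
    // {
    //   "keys": [
    //     {
    //       "kid": "e8732db06287515556213b80acbcfd08cfb302a9",
    //       "n": "4RIrO30287Wsq3gqXCMkUYMVAeI3H8...w2mbMNEBQ",
    //       "kty": "RSA",
    //       "e": "AQAB",
    //       "alg": "RS256",
    //       "use": "sig"
    //     },
    //     {
    //       "kid": "8462a71da4f6d611fc0fecf0fc4ba9c37d65e6cd",
    //       "e": "AQAB",
    //       "n": "xT_ngLZNmT5GBtJZeTB...Ft4gK0eoFi0d3l8bcw",
    //       "alg": "RS256",
    //       "use": "sig",
    //       "kty": "RSA"
    //     }
    //   ]
    // }

    // A response that does not parse, or that holds no keys, leaves nothing to
    // verify against, so stop instead of silently running an empty loop.
    success = CkJsonObjectW_Load(json,jwkStr);
    if (success == FALSE) {
        wprintf(L"Failed to parse the JWK set...\n");
        goto cleanup;
    }
    numKeys = CkJsonObjectW_SizeOfArray(json,L"keys");
    if (numKeys <= 0) {
        wprintf(L"The JWK set contains no keys...\n");
        goto cleanup;
    }

    // -------------------------------------------------
    // Load the following..
    // {
    //   "access_token": "ya29.a0...0f",
    //   "expires_in": 3599,
    //   "scope": "openid https://www.googleapis.com/auth/userinfo.email",
    //   "token_type": "Bearer",
    //   "id_token": "eyJhb...o5nQ"
    // }
    success = CkJsonObjectW_LoadFile(jsonToken,L"qa_data/tokens/google_sample_id_token.json");
    if (success == FALSE) {
        wprintf(L"Failed to load the JSON file...\n");
        goto cleanup;
    }

    // Get the id_token; a missing or empty member cannot be verified.
    idToken = CkJsonObjectW_stringOf(jsonToken,L"id_token");
    if (idToken == 0 || idToken[0] == L'\0') {
        wprintf(L"The JSON file has no id_token...\n");
        goto cleanup;
    }
    success = CkStringBuilderW_Append(sbIdToken,idToken);
    if (success == FALSE) {
        wprintf(L"Failed to copy the id_token...\n");
        goto cleanup;
    }

    // Get the signature in base64url format.
    // The header + payload remains in sbIdToken.
    sig_b64Url = CkStringBuilderW_getAfterFinal(sbIdToken,L".",TRUE);
    headerPlusPayload = CkStringBuilderW_getAsString(sbIdToken);

    // Both parts must be present; otherwise the token was not a well-formed
    // compact JWT and is rejected before any cryptographic check.
    if (sig_b64Url == 0 || sig_b64Url[0] == L'\0'
        || headerPlusPayload == 0 || headerPlusPayload[0] == L'\0') {
        wprintf(L"The id_token is not a well-formed JWT...\n");
        goto cleanup;
    }

    // ---------------------------------------------
    // Try validating with each cert's public key.
    // Hopefully one will be the key that verifies.
    CkRsaW_putEncodingMode(rsa,L"base64url");

    for (i = 0; i < numKeys; i++) {
        // "keys[i]" is resolved using the index stored with putI.
        CkJsonObjectW_putI(json,i);
        success = CkJsonObjectW_ObjectOf2(json,L"keys[i]",jsonKey);
        if (success == FALSE) {
            wprintf(L"Failed to read key %d from the JWK set...\n",i);
            goto cleanup;
        }

        success = CkPublicKeyW_LoadFromString(pubKey,CkJsonObjectW_emit(jsonKey));
        if (success == FALSE) {
            wprintf(L"%s\n",CkPublicKeyW_lastErrorText(pubKey));
            goto cleanup;
        }

        wprintf(L"%d\n",i);
        wprintf(L"%s\n",CkPublicKeyW_getPem(pubKey,TRUE));

        // NOTE(review): if this import failed and the result were ignored, the
        // verify call below would presumably run with whatever key the rsa
        // object held before, and its result would be reported for the wrong
        // key. Stop rather than report such a result.
        success = CkRsaW_UsePublicKey(rsa,pubKey);
        if (success == FALSE) {
            wprintf(L"Failed to use key %d for verification...\n",i);
            goto cleanup;
        }

        bVerified = CkRsaW_VerifyStringENC(rsa,headerPlusPayload,L"sha256",sig_b64Url);
        wprintf(L"bVerified = %d\n",bVerified);
        if (bVerified != FALSE) {
            anyVerified = TRUE;
        }
    }

    // The per-key lines above are diagnostics; the decision is whether any
    // published key verified the signature. Fail closed when none did.
    if (anyVerified == FALSE) {
        wprintf(L"The signature did not verify with any published key; reject the token.\n");
    }

    // The output is:

    // 0
    // -----BEGIN RSA PUBLIC KEY-----
    // MIIBCgKCAQEA4RIrO30287Wsq3gqXCMkUYMVAeI3H8LVE6IXR1krdFeGnZLiGUPw
    // cbkeVpXf3lmJdsStOg+jijces2DZCfPyIBiQuLYfxxmAZE6ErJ0QJFg1stwli2Pz
    // 9ncYhFoqi8pXr7kEzEJBTzX4thuw56ydbGsshSEznPXoerCJOc7UI2+n0wFCWQ4Y
    // LHbh/PrWt4vdadyUUUW/QpQHXQLdD8q/Qwqdj0O9zlJE7R6Elw2E9EqnHyIGu1hm
    // LxhqrTru1M18SUhONYbVskV/BCEdVKs//X96849HorWQDCAgVMWfGsdMVq55FAdJ
    // 680N5UmQDRynIZ4+PeNGN4S9iw2mbMNEBQIDAQAB
    // -----END RSA PUBLIC KEY-----
    //
    // bVerified = True
    // 1
    // -----BEGIN RSA PUBLIC KEY-----
    // MIIBCgKCAQEAxT/ngLZNmT5GBdkLtJZjNeTB+8B5yWgrq/e5eMZ1hrZhcmLK+dSn
    // IkpOPV8/OekV67EnQ7I4II2rcNJnHGrGKZziXO3XN2gtUHE+mBJC99oULSbX/QwB
    // Kz7gC/IBPq9EuxTt6Oq6fPkVQ9DbRIgWJSEGBF/KRaNl3kyAlIZfpY7XgHyJTTv8
    // E7yAcYKPR+36gzdl+ps0sDLKzUuAtZNq8llK0u80z6AtAUIYwWdkEhM9upy6keKI
    // TasIxcsO7M6kZPINUSbh6t5VAm8FuqRmxpgg+9c9/GQSGd89InVypoVzWLQ+wOGg
    // 5G4H6JqIgtj0TRFt4gK0eoFi2U0d3l8bcwIDAQAB
    // -----END RSA PUBLIC KEY-----
    //
    // bVerified = False

cleanup:
    CkHttpW_Dispose(http);
    CkJsonObjectW_Dispose(json);
    CkJsonObjectW_Dispose(jsonToken);
    CkStringBuilderW_Dispose(sbIdToken);
    CkRsaW_Dispose(rsa);
    CkJsonObjectW_Dispose(jsonKey);
    CkPublicKeyW_Dispose(pubKey);
}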