Closed MoacirSchmidt closed 5 years ago
I suspect you'll want to read: https://developers.google.com/identity/sign-in/web/backend-auth
If the client is sending an id_token to the server side in an authorization header, your application can call the tokeninfo end-point: https://oauth2.googleapis.com/tokeninfo?id_token=<token>
```dart
import 'package:googleapis/oauth2/v2.dart';
import 'package:http/http.dart';

void main() async {
  final oauth = Oauth2Api(Client());
  final info = await oauth.tokeninfo(idToken: '<id-token from incoming request>');
  print("TODO: Check that ${info.audience} is your audience!!!");
  // Also read the other properties in the tokeninfo, and remember that
  // emails may change over time, but user_id is stable.
}
```
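Added example, not part of the original comment or of the googleapis package: one way to carry out the checks the TODO above asks for, run over the decoded JSON body of a tokeninfo response. It assumes the claim names Google documents for that endpoint (`aud`, `iss`, `exp`, `sub`); `validateTokenInfo`, the client id and the sample claims are hypothetical and constructed for illustration.

```dart
// Added example (not from the thread): checks on a tokeninfo JSON response.
const googleIssuers = {'accounts.google.com', 'https://accounts.google.com'};

/// Returns the stable user id (`sub`) when the claims are acceptable;
/// throws a [FormatException] naming the first failed check otherwise.
String validateTokenInfo(Map<String, dynamic> claims,
    {required String expectedAudience, DateTime? now}) {
  final aud = claims['aud'];
  if (aud is! String || aud != expectedAudience) {
    throw FormatException('aud does not match this application');
  }
  final iss = claims['iss'];
  if (iss is! String || !googleIssuers.contains(iss)) {
    throw FormatException('unexpected issuer');
  }
  // tokeninfo returns exp as a string of seconds since the epoch.
  final exp = int.tryParse('${claims['exp']}');
  final nowSec = (now ?? DateTime.now()).millisecondsSinceEpoch ~/ 1000;
  if (exp == null || exp <= nowSec) {
    throw FormatException('token expired or exp missing');
  }
  final sub = claims['sub'];
  if (sub is! String || sub.isEmpty) {
    throw FormatException('sub missing');
  }
  return sub; // key accounts on sub; the email claim can change
}

void main() {
  // Constructed sample data; the client id is a placeholder.
  const myClientId = 'example-client-id.apps.googleusercontent.com';
  final now = DateTime.utc(2020, 1, 1);
  final exp = now.millisecondsSinceEpoch ~/ 1000 + 600;
  final good = {
    'iss': 'https://accounts.google.com',
    'aud': myClientId,
    'exp': '$exp',
    'sub': '1234567890',
    'email': 'user@example.com',
  };
  print(validateTokenInfo(good, expectedAudience: myClientId, now: now));
  // Same token presented to a backend with a different client id.
  try {
    validateTokenInfo(good, expectedAudience: 'other-app', now: now);
  } on FormatException catch (e) {
    print('rejected: ${e.message}');
  }
}
```

The audience check is what stops an ID token issued to some other application from being accepted by this backend.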
I've already read that. The article says there are some libraries to validate the token without the need for another HTTP request to Google/Facebook servers.
> The article says there are some libraries to validate the token without the need for another HTTP request to Google/Facebook servers.
Yes, that's correct. Unfortunately, we don't seem to have the required RSA signature verification algorithm in Dart just yet.
There is a feature request for this here: https://github.com/dart-lang/tools/issues/304 (this is essentially openid-connect token verification)
Personally, I would like to have some better crypto libraries for Dart which would make this easy to do. But I suspect it might be a while before that happens.
I'm using google_sign_in.dart package to authenticate my flutter client app with google. After authentication I receive an idToken and an accessToken. How can I use googleapis_auth library to validate these tokens server side?
I am NOT using any google service API! I would like only to perform token validation process.