lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.
https://authlib.org/
BSD 3-Clause "New" or "Revised" License

Is there a method to validate the access token using the Google token endpoint in Authlib? #563

Closed kshitij-enable closed 1 year ago

kshitij-enable commented 1 year ago

I am trying to evaluate Authlib support for the following use cases with Google OAuth2.

  1. Fetch the authorization code
  2. Fetch the token
  3. Validate the token against google token endpoint
  4. Refresh the token using refresh token

I could implement 1, 2 and 4. However, I could not find any method or mechanism to validate the obtained access token against the Google token endpoint. The requirement is to check that the token is active and not expired before proceeding with further operations on the server.

Is there a method to validate the access token using the Google token endpoint in Authlib, or in the private library under the commercial license?

lepture commented 1 year ago

@kshitij-enable do you mean the Google id_token? The id_token is a JWT; you can validate it with:

https://docs.authlib.org/en/latest/jose/jwt.html

And you may also use other JWT libraries to decode the id_token.

kshitij-enable commented 1 year ago

@lepture I don't mean to just validate the signature of the id_token, which is a JWT. I want to validate the token against the Google token endpoint to check if it's valid and active. I understand that I can check the expiry time of the token persisted in the local data store; however, that might miss cases where the token is revoked by an external action.

I wanted to check if there is something in Authlib which can validate the token against Google's https://oauth2.googleapis.com/tokeninfo endpoint.

lepture commented 1 year ago

@kshitij-enable you can just send a GET request: https://developers.google.com/identity/sign-in/web/backend-auth#calling-the-tokeninfo-endpoint
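
The GET request suggested above, as an added example that is not part of the thread and not Authlib code: it queries the `tokeninfo` endpoint named in the question and fails closed on rejection, audience mismatch, expiry, or an unreachable endpoint. The function names are hypothetical, and the `aud`, `exp` and `error` response fields are assumed to be as Google's tokeninfo responses carry them.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKENINFO_URL = "https://oauth2.googleapis.com/tokeninfo"  # endpoint named in the thread


def fetch_tokeninfo(access_token, timeout=5):
    """GET tokeninfo; return (http_status, parsed JSON body or {})."""
    url = TOKENINFO_URL + "?" + urllib.parse.urlencode({"access_token": access_token})
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:  # non-2xx, e.g. an invalid or revoked token
        try:
            return err.code, json.loads(err.read().decode("utf-8"))
        except ValueError:
            return err.code, {}


def evaluate_tokeninfo(status, claims, expected_client_id, now=None):
    """Return (active, reason). Anything unexpected counts as not active."""
    now = time.time() if now is None else now
    if status != 200 or not isinstance(claims, dict) or "error" in claims:
        return False, "rejected by tokeninfo"
    # A token issued to a different client must not be accepted as ours.
    if claims.get("aud") != expected_client_id:
        return False, "audience mismatch"
    try:
        exp = int(claims["exp"])  # assumed: numeric fields arrive as strings
    except (KeyError, TypeError, ValueError):
        return False, "missing or malformed exp"
    if exp <= now:
        return False, "expired"
    return True, "active"


def is_access_token_active(access_token, expected_client_id, fetch=fetch_tokeninfo):
    """Check a token remotely; network or parse failures mean 'not active'."""
    try:
        status, claims = fetch(access_token)
    except (OSError, ValueError):  # URLError and timeouts are OSError subclasses
        return False, "tokeninfo unreachable"
    return evaluate_tokeninfo(status, claims, expected_client_id)
```

Because the token travels in the query string of this GET request, keep it out of request logs on anything that sits between the server and Google.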