Google validation of id_token fails

rethinkdb / horizon

Horizon is a realtime, open-source backend for JavaScript apps.

MIT License

6.78k stars 349 forks source link

Google validation of id_token fails #793

Closed lirbank closed 8 years ago

lirbank commented 8 years ago

Server version: 2.0.0 Client version: 2.0.0

Sign in with horizon
Copy token from address bar or local storage
Add token to https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123

Response:

{
 "error_description": "Invalid Value"
}

Info: https://developers.google.com/identity/protocols/OpenIDConnect#validatinganidtoken

Tryneus commented 8 years ago

The token in the address bar or local storage is a horizon JWT, not the token from the Google servers. The Google token is used internally to check the user's Google account ID and correspond it to a horizon user row; it is never sent to the browser.

lirbank commented 8 years ago

Oh, that explains it!