I am trying to authenticate a user on Android via Google Sign-In to get the account name, grab a token through GoogleAuthUtil.getToken(getApplicationContext(), application, scope), and then send the token to my NodeJS server to check.
I found this great Stack Overflow question about how to decode it, cache the key identifier (KID) so that it doesn't make a round trip every time, etc. (I have not yet implemented this part, but I have played with it somewhat). My only question is: what is the difference between the following googleapis certificates:
- www.googleapis.com/oauth2/v1/certs
- www.googleapis.com/oauth2/v2/certs
- www.googleapis.com/oauth2/v3/certs
The KIDs for each version are identical, but the content is clearly different. Why? v2 and v3 seem almost identical, except that v2 has "==" added at the end of the value of the property "n".
Most importantly, which version am I using?
I think these certificates are called JSON Web Keys (JWK). I also read the term "x5c". What is it?
PS: the token that I get on my Node server from my Android application:
{
  "iss": "accounts.google.com",
  "sub": "SOME_LONG_NUMBER_THAT_I_DONT_KNOW_IF_SHOULD_SHOW",
  "azp": "SERVER_CLIENT_ID",
  "email": "ANDROID_USER_EMAIL",
  "email_verified": "true",
  "aud": "ANDROID_CLIENT_ID",
  "iat": "SOME_NUMBER",
  "exp": "SOME_NUMBER",
  "alg": "RS256",
  "kid": "e53139984bd36d2c230552441608cc0b5179487a"
}
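Added example, not part of the original question and not Google's or any library's code: a Node.js sketch of the two points raised above, comparing a padded ("==") and an unpadded "n" value for the same kid, and caching keys by kid so a lookup does not fetch every time. The names `decodeJwkField`, `sameRsaKey`, `KidCache`, the injected synchronous `fetchJwks` function and the 60-second refetch floor are assumptions, and the key material is constructed.

```javascript
// Added example. All key material below is constructed, not a real Google key.
// Decode a JWK "n"/"e" value with or without "=" padding, in either alphabet.
function decodeJwkField(value) {
  const std = value.replace(/=+$/, '').replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(std, 'base64');
}

// Two JWKs describe the same RSA public key when modulus and exponent bytes match.
function sameRsaKey(a, b) {
  return decodeJwkField(a.n).equals(decodeJwkField(b.n)) &&
    decodeJwkField(a.e).equals(decodeJwkField(b.e));
}

// kid-indexed cache. fetchJwks is an injected function (assumed synchronous
// here so the example runs offline) returning { keys: [...] }. An unknown kid
// triggers at most one refetch per minRefetchMs, so tokens carrying random
// kids cannot force an outbound request each.
class KidCache {
  constructor(fetchJwks, minRefetchMs = 60000, now = Date.now) {
    this.fetchJwks = fetchJwks;
    this.minRefetchMs = minRefetchMs;
    this.now = now;
    this.keys = new Map();
    this.lastFetch = -Infinity;
    this.fetchCount = 0;
  }
  lookup(kid) {
    const stale = this.now() - this.lastFetch >= this.minRefetchMs;
    if (!this.keys.has(kid) && stale) {
      this.lastFetch = this.now();
      this.fetchCount += 1;
      this.keys = new Map(this.fetchJwks().keys.map((k) => [k.kid, k]));
    }
    return this.keys.get(kid) || null;
  }
}

// Constructed 256-byte modulus; 256 bytes encode to 342 characters plus "==".
const modulus = Buffer.alloc(256, 0xfb);
const unpadded = modulus.toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_KID = 'constructed-kid-1';
const v3Style = { kid: SAMPLE_KID, kty: 'RSA', e: 'AQAB', n: unpadded };
const v2Style = { kid: SAMPLE_KID, kty: 'RSA', e: 'AQAB', n: unpadded + '==' };

console.log('same key despite padding:', sameRsaKey(v2Style, v3Style));
```
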