Practical OpenID Connect
Because the OpenID Connect specification is still under active development, the experimental implementations offered by identity providers differ from it in places. Here are some example requests and responses using these experimental implementations.
For Google
Google’s OpenID Connect implementation (see Figure 7-1) uses the following endpoints:
- Check ID
https://www.googleapis.com/oauth2/v1/tokeninfo
- UserInfo
https://www.googleapis.com/oauth2/v1/userinfo
Google does not have the generic openid scope, but it supports the following main scopes for its OpenID Connect implementation:
- Email
https://www.googleapis.com/auth/userinfo.email
- Profile
https://www.googleapis.com/auth/userinfo.profile
Here’s an example authorization URL for Google’s OpenID Connect implementation:
https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&state=ABC123456&redirect_uri=https%3A%2F%2Foauthssodemo.appspot.com%2Foauthcallback&response_type=token%20id_token&client_id=8819981768.apps.googleusercontent.com

Figure 7-1. Google asking if it’s OK to share info with example app “OAuth SSO Relying Party”
In this example, we’re specifying a response_type of token id_token, indicating that we’re looking for both an ID token and a traditional OAuth 2.0 access token (via the implicit flow). After ...
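The request above, built with a fresh state value per login attempt and checked again when the implicit-flow response comes back. This is an added example, not code from the original text; the function names are hypothetical, and the callback fragment layout (access_token, id_token and state in the URL fragment) is assumed from the OAuth 2.0 implicit flow rather than shown on this page.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint and scopes are the ones listed on this page.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"
SCOPES = [
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
]


def build_auth_request(client_id, redirect_uri):
    """Return (url, state); the caller stores state in the user's session."""
    state = secrets.token_urlsafe(32)  # unpredictable, one per login attempt
    query = urlencode({
        "scope": " ".join(SCOPES),
        "state": state,
        "redirect_uri": redirect_uri,
        "response_type": "token id_token",  # access token plus ID token
        "client_id": client_id,
    })
    return f"{AUTH_ENDPOINT}?{query}", state


def parse_implicit_callback(callback_url, expected_state):
    """Check state first, then pull both tokens out of the URL fragment."""
    params = parse_qs(urlsplit(callback_url).fragment, strict_parsing=True)
    for name, values in params.items():
        if len(values) != 1:
            raise ValueError(f"parameter {name!r} is repeated")
    flat = {name: values[0] for name, values in params.items()}
    if "error" in flat:
        raise ValueError(f"authorization failed: {flat['error']}")
    # Constant-time comparison on bytes; a mismatch means the response
    # was not produced for the request this session started.
    got = flat.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch")
    missing = {"access_token", "id_token"} - flat.keys()
    if missing:
        raise ValueError(f"missing from response: {sorted(missing)}")
    return flat["access_token"], flat["id_token"]
```

Parsing the fragment does not validate the ID token itself; that is the job of the Check ID endpoint listed above.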