O'Reilly logo

Getting Started with OAuth 2.0 by Ryan Boyd

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Practical OpenID Connect

Since the OpenID Connect specification is still under active development, experimental implementations by identity providers still differ from the specification. Here are some example requests and responses using these experimental implementations.

For Google

Google’s OpenID Connect implementation (see Figure 7-1) uses the following Endpoints:

Check ID

https://www.googleapis.com/oauth2/v1/tokeninfo

UserInfo

https://www.googleapis.com/oauth2/v1/userinfo

Google does not have the generic openid scope, but it supports the following main scopes for its OpenID Connect implementation:

Email

https://www.googleapis.com/auth/userinfo.email

Profile

https://www.googleapis.com/auth/userinfo.profile

Here’s an example authorization URL for Google’s OpenID Connect implementation:

https://accounts.google.com/o/oauth2/auth?
  scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&
  state=ABC123456&
  redirect_uri=https%3A%2F%2Foauthssodemo.appspot.com%2Foauthcallback&
  response_type=token%20id_token&
  client_id=8819981768.apps.googleusercontent.com
Google asking if it’s OK to share info with example app “OAuth SSO Relying Party”

Figure 7-1. Google asking if it’s OK to share info with example app “OAuth SSO Relying Party”

In this example, we’re specifying a response_type of token id_token, indicating that we’re looking for both an ID token and a traditional OAuth 2.0 access token (via the implicit flow). After ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required