Practical OpenID Connect

Since the OpenID Connect specification is still under active development, experimental implementations by identity providers still differ from the specification. Here are some example requests and responses using these experimental implementations.

For Google

Google’s OpenID Connect implementation (see Figure 7-1) uses the following endpoints:

Check ID

https://www.googleapis.com/oauth2/v1/tokeninfo

UserInfo

https://www.googleapis.com/oauth2/v1/userinfo

Google does not have the generic openid scope, but it supports the following main scopes for its OpenID Connect implementation:

Email

https://www.googleapis.com/auth/userinfo.email

Profile

https://www.googleapis.com/auth/userinfo.profile

Here’s an example authorization URL for Google’s OpenID Connect implementation:

https://accounts.google.com/o/oauth2/auth?
  scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&
  state=ABC123456&
  redirect_uri=https%3A%2F%2Foauthssodemo.appspot.com%2Foauthcallback&
  response_type=token%20id_token&
  client_id=8819981768.apps.googleusercontent.com

Figure 7-1. Google asking if it’s OK to share info with example app “OAuth SSO Relying Party”

In this example, we’re specifying a response_type of token id_token, indicating that we’re looking for both an ID token and a traditional OAuth 2.0 access token (via the implicit flow). After ...
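The request above and the handling of its redirect, as an added Python example that is not code from the book or from Google. It assumes the tokens come back in the redirect URI fragment as the standard implicit-flow parameters `access_token`, `id_token` and `state`; the function names and the sample callback are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"  # from the page
SCOPES = [  # the two Google scopes listed on the page
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
]
# Constructed sample redirect (placeholder token values, not real tokens).
SAMPLE_CALLBACK = ("https://oauthssodemo.appspot.com/oauthcallback"
                   "#access_token=CONSTRUCTED_ACCESS_TOKEN"
                   "&id_token=CONSTRUCTED_ID_TOKEN&state=ABC123456")

def new_state():
    """Unpredictable per-request value; store it in the user's session."""
    return secrets.token_urlsafe(16)

def build_authorization_url(client_id, redirect_uri, state):
    """Authorization URL asking for an access token and an ID token."""
    params = {
        "scope": " ".join(SCOPES),
        "state": state,
        "redirect_uri": redirect_uri,
        "response_type": "token id_token",
        "client_id": client_id,
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)

def parse_implicit_callback(callback_url, expected_state):
    """Return (access_token, id_token) from the redirect fragment."""
    fields = parse_qs(urlsplit(callback_url).fragment)
    # A repeated parameter makes the response ambiguous, so reject it.
    if any(len(values) != 1 for values in fields.values()):
        raise ValueError("repeated parameter in callback fragment")
    flat = {name: values[0] for name, values in fields.items()}
    if "error" in flat:
        raise ValueError("authorization error: " + flat["error"])
    # Check state before using the tokens, with a constant-time comparison.
    returned = flat.get("state", "").encode()
    if not hmac.compare_digest(returned, expected_state.encode()):
        raise ValueError("state mismatch: response not tied to our request")
    missing = {"access_token", "id_token"} - flat.keys()
    if missing:
        raise ValueError("missing parameter(s): " + ", ".join(sorted(missing)))
    return flat["access_token"], flat["id_token"]
```

Passing the state check only ties the response to the request that was sent; the ID token itself is still unvalidated at this point.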
