在 C# 中验证 Google ID 令牌
[英]Validating Google ID tokens in C#
问题描述
I need to validate a Google ID token passed from a mobile device at my ASP.NET web api.
我需要在我的 ASP.NET web api 上验证从移动设备传递的 Google ID 令牌。
Google have some sample code here but it relies on a JWT NuGet package which is .Net 4.5 only (I am using C#/.Net 4.0).谷歌在这里有一些示例代码,但它依赖于一个 JWT NuGet 包,它只是 .Net 4.5(我使用的是 C#/.Net 4.0)。 Is anyone aware of any samples which do this without these packages or has achieved this themselves?有没有人知道没有这些包就可以做到这一点的任何示例,或者自己已经实现了这一点? The use of the package makes it very difficult to work out what I need to do without it.包的使用使我很难弄清楚没有它我需要做什么。
3 个解决方案
解决方案1
23 2018-03-27 07:27:07
According to this github issue , you can now use GoogleJsonWebSignature.ValidateAsync method to validate a Google-signed JWT.根据这个 github 问题,您现在可以使用GoogleJsonWebSignature.ValidateAsync方法来验证 Google 签名的 JWT。 Simply pass the idToken string to the method.只需将idToken字符串传递给该方法。
var validPayload = await GoogleJsonWebSignature.ValidateAsync(idToken);
Assert.NotNull(validPayload);
If it is not a valid one, it will return null .如果它不是有效的,它将返回null 。
Note that to use this method, you need to install Google.Apis.Auth nuget firsthand.请注意,要使用此方法,您需要先安装Google.Apis.Auth nuget。
解决方案2
1 2013-06-15 03:34:25
The challenge is validating the JWT certificate in the ID token.挑战是验证 ID 令牌中的 JWT 证书。 There is currently not a library I'm aware of that can do this that doesn't require .Net 4.5 and until there is a solution for JWT validation in .NET 4.0, there will not be an easy solution.目前我知道没有一个库可以做到这一点,不需要 .Net 4.5,直到在 .NET 4.0 中有一个 JWT 验证解决方案,才会有一个简单的解决方案。
However, if you have an access token, you can look into performing validation using oauth2.tokeninfo .但是,如果您有访问令牌,则可以考虑使用oauth2.tokeninfo执行验证。 To perform basic validation using token info, you can do something like the following:要使用令牌信息执行基本验证,您可以执行以下操作:
// Use Tokeninfo to validate the user and the client.
var tokeninfo_request = new Oauth2Service().Tokeninfo();
tokeninfo_request.Access_token = _authState.AccessToken;
var tokeninfo = tokeninfo_request.Fetch();
if (userid == tokeninfo.User_id
&& tokeninfo.Issued_to == CLIENT_ID)
{
// Basic validation succeeded
}
else
{
// The credentials did not match.
}
The information returned from the Google OAuth2 API tells you more information about a particular token such as the client id it was issued too as well as its expiration time.从 Google OAuth2 API 返回的信息会告诉您有关特定令牌的更多信息,例如颁发给它的客户端 ID 以及其到期时间。
Note You should not be passing around the access token but instead should be doing this check after exchanging a one-time code to retrieve an access token.注意您不应该传递访问令牌,而应该在交换一次性代码以检索访问令牌后进行此检查。
解决方案3
1 2020-06-29 03:48:47
ClientId also needs to be passed, which should be set from Google API Console.还需要传递 ClientId,它应该从 Google API 控制台设置。 If only pass TokenId, GoogleJsonWebSignature throws error.如果只传递 TokenId,GoogleJsonWebSignature 会抛出错误。 This answer is in addition to @edmundpie answer这个答案是对@edmundpie 答案的补充
var settings = new GoogleJsonWebSignature.ValidationSettings()
{
Audience = new List<string>() { "[Placeholder for Client Id].apps.googleusercontent.com" }
};
var validPayload = await GoogleJsonWebSignature.ValidateAsync(model.ExternalTokenId, settings);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.