I already have google auth in my front(react) that returns to me:
access_token, expires_in, id_token, login_hint, scope, session_state.
All that data that google returns to my front. Now I just want to verify if this token its right. I know I can do it via this endpoint: https://oauth2.googleapis.com/tokeninfo?id_token=ID_TOKEN
But, it is another way via any hex ?
An ID Token is digitally signed and usually doesn’t require calling back a service to determine whether it is valid or not. Instead the signature can be verified locally, using the keys published by Google (see the jwks member of https://accounts.google.com/.well-known/openid-configuration).
There are some libraries such as JOSE, Joken or OpenIDConnect which can be used to verify the signature.
I have also not long ago released Plugoid which relies on the OIDC library, which has an ID Token verification function (OIDC.IDToken.verify/3).
2 Likes
