Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

added example to verify google idtoken #80

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

added example to verify google idtoken #80

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c454b8e
added example to verify google idtoken
sugihjamin Jul 23, 2022
8f9c1d3
add allow_any_algs() to id_token_verifier() for v. 2.5.0
eecs441staff Feb 10, 2023
ef797f2
Update .gitignore
eecs441staff Feb 10, 2023
3eeb450
Revert "Update .gitignore"
sugihjamin Feb 11, 2023
07172dd
Revert "Revert "Update .gitignore""
sugihjamin Feb 11, 2023
de0375c
Updated to openidconnect-rs 4.0.0-rc.1
sugihjamin Oct 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
/target/
target/
**/*.rs.bk
Cargo.lock
*~
Expand Down
4 changes: 4 additions & 0 deletions examples/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
[workspace]
members = ["*"]
exclude = ["target"]
resolver = "2"
13 changes: 13 additions & 0 deletions examples/google-idtoken/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
[package]
name = "google-idtoken"
version = "0.1.0"
edition = "2021"

[features]
default = ["async"]
async = ["tokio"]
sync = []

[dependencies]
openidconnect = { version = "4.0.0-rc.1", features = ["reqwest-blocking"] }
tokio = { version = "1.41.0", features = ["full"], optional = true }
106 changes: 106 additions & 0 deletions examples/google-idtoken/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
//!
//! An example using openidconnect to verify a Google Sign-In ID token
//! on a backend server ([Authenticate with a backend server]
//! (https://developers.google.com/identity/sign-in/web/backend-auth)).
//! To be used with [Android or iOS native app SDKs and apps or
//! platforms directly calling Google's OAuth2 or OpenID services]
//! (https://developers.googleblog.com/2021/08/gsi-jsweb-deprecation.html).
//!
//! Before running it, you'll need to generate your own [Google OAuth2
//! credentials for Mobile & Desktop Apps]
//! (https://developers.google.com/identity/protocols/oauth2/native-app).
//!
//! Run with:
//!
//! ```not_rust
//! pushd examples && GOOGLE_CLIENT_ID="xxx" GOOGLE_ID_TOKEN="yyy" cargo test -p google-idtoken --all-features -- --show-output && popd
//! ```

#[cfg(test)]
mod test {
use openidconnect::{core::{CoreClient, CoreIdToken}, reqwest, AuthUrl, ClientId, ClientSecret, IdToken, IssuerUrl, JsonWebKeySet, JsonWebKeySetUrl, Nonce};
use std::{env, str::FromStr};

#[cfg(feature = "sync")]
#[test]
fn verify_id_token() {
let google_client_id = ClientSecret::new(
env::var("GOOGLE_CLIENT_ID")
.expect("Missing the GOOGLE_CLIENT_ID environment variable."),
)
.secret()
.to_owned();

let google_id_token = ClientSecret::new(
env::var("GOOGLE_ID_TOKEN").expect("Missing the GOOGLE_ID_TOKEN environment variable."),
)
.secret()
.to_owned();

let client = CoreClient::new(
ClientId::new(google_client_id),
IssuerUrl::new("https://accounts.google.com".to_string()).unwrap(),
JsonWebKeySet::fetch(
&JsonWebKeySetUrl::new("https://www.googleapis.com/oauth2/v3/certs".to_string())
.unwrap(),
&reqwest::blocking::Client::new(),
)
.unwrap(),
)
.set_auth_uri(AuthUrl::new("https://accounts.google.com/o/oauth2/v2/auth".to_string()).unwrap());

let id_token: CoreIdToken = IdToken::from_str(&google_id_token).unwrap();

let claims = id_token.claims(&client.id_token_verifier().allow_any_alg(), |_: Option<&Nonce>| Ok(()));

match claims {
Ok(claims) => println!(
"name: {}",
claims.name().unwrap().get(None).unwrap().as_str()
),
Err(err) => println!("{:#?}", err),
};
}

#[cfg(feature = "async")]
#[tokio::test]
async fn verify_id_token_async() {
let google_client_id = ClientSecret::new(
env::var("GOOGLE_CLIENT_ID")
.expect("Missing the GOOGLE_CLIENT_ID environment variable."),
)
.secret()
.to_owned();

let google_id_token = ClientSecret::new(
env::var("GOOGLE_ID_TOKEN").expect("Missing the GOOGLE_ID_TOKEN environment variable."),
)
.secret()
.to_owned();

let client = CoreClient::new(
ClientId::new(google_client_id),
IssuerUrl::new("https://accounts.google.com".to_string()).unwrap(),
JsonWebKeySet::fetch_async(
&JsonWebKeySetUrl::new("https://www.googleapis.com/oauth2/v3/certs".to_string())
.unwrap(),
&crate::test::reqwest::Client::new(),
)
.await
.unwrap(),
)
.set_auth_uri(AuthUrl::new("https://accounts.google.com/o/oauth2/v2/auth".to_string()).unwrap());

let id_token: CoreIdToken = IdToken::from_str(&google_id_token).unwrap();

let claims = id_token.claims(&client.id_token_verifier(), |_: Option<&Nonce>| Ok(()));

match claims {
Ok(claims) => println!(
"name: {}",
claims.name().unwrap().get(None).unwrap().as_str()
),
Err(err) => println!("{:#?}", err),
};
}
}