Sign in with Google – how can we verify the Google ID token server side in .net? Code sample missing, library appears deprecated

0

Issue

We’re implementing "Sign in with Google" into an MVC5 application according the latest documentation, which is quite different and more straightforward than most of the examples we’ve seen on the web.

Part of the process is to "Verify the Google ID token on your server side" as described on this page: https://developers.google.com/identity/gsi/web/guides/verify-google-id-token

We’re told here that "Rather than writing your own code to perform these verification steps, we strongly recommend using a Google API client library for your platform", which is fair enough, but

a) there’s no code sample for .net on that page,
b) the project documentation doesn’t seem to relate to Sign in with Google in any way
c) if you actually look at the github for the .net client library here: https://github.com/googleapis/google-api-dotnet-client it says "This client library is supported but in maintenance mode only" which makes me wonder whether we’re even meant to be using it.

Can anybody please give us some guidance on whether we’re supposed to be using that library, or coding our solution manually, or using a third party JWT library of some kind?

Thanks for reading!

Solution

I think this is what you are looking for.

Retrieving the user identity

using Google.Apis.Auth;
using System;
using System.Threading;
using System.Threading.Tasks;

public class IAPTokenVerification
{
    /// <summary>
    /// Verifies a signed jwt token and returns its payload.
    /// </summary>
    /// <param name="signedJwt">The token to verify.</param>
    /// <param name="expectedAudience">The audience that the token should be meant for.
    /// Validation will fail if that's not the case.</param>
    /// <param name="cancellationToken">The cancellation token to propagate cancellation requests.</param>
    /// <returns>A task that when completed will have as its result the payload of the verified token.</returns>
    /// <exception cref="InvalidJwtException">If verification failed. The message of the exception will contain
    /// information as to why the token failed.</exception>
    public async Task<JsonWebSignature.Payload> VerifyTokenAsync(
        string signedJwt, string expectedAudience, CancellationToken cancellationToken = default)
    {
        SignedTokenVerificationOptions options = new SignedTokenVerificationOptions
        {
            // Use clock tolerance to account for possible clock differences
            // between the issuer and the verifier.
            IssuedAtClockTolerance = TimeSpan.FromMinutes(1),
            ExpiryClockTolerance = TimeSpan.FromMinutes(1),
            TrustedAudiences = { expectedAudience }
        };

        return await JsonWebSignature.VerifySignedTokenAsync(signedJwt, options, cancellationToken: cancellationToken);
    }
}

The library is in maintenance mode because it has been deemed stable / done by Google. They will only be making changes to it if they find critical
issues.

Answered By – DaImTo

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More