C# - Validate Google idToken - certificate verification fails using RSACryptoServiceProvider


I am building a login workflow using a Google user. Once the user is authenticated, I call GetAuthResponse to get the idToken. https://developers.google.com/identity/sign-in/web/backend-auth

Now, I need to verify the certificate against the Google certificate. I am using JwtSecurityToken (C#) for the same. I am referencing this for verification - http://blogs.msdn.com/b/alejacma/archive/2008/06/25/how-to-sign-and-verify-the-signature-with-net-and-a-certificate-c.aspx

Issue - I get false from VerifyHash. As VerifyHash returns false without a reason, I am not able to find a way to verify whether the idToken is valid or not. The code is given below:

    string strID = ""; // idToken received from Google AuthResponse
    JwtSecurityToken token = new JwtSecurityToken(strID);
    byte[] text = GetHash(token.RawData);
    SHA256Cng sha1 = new SHA256Cng();
    UnicodeEncoding encoding = new UnicodeEncoding();
    byte[] data = encoding.GetBytes(text);
    byte[] hash = sha1.ComputeHash(data);
    byte[] signature = Encoding.Unicode.GetBytes(token.RawSignature);
    // Modulus and exponent values from https://www.googleapis.com/oauth2/v2/certs - second set of keys
    string modulus = "uhzgq7cmlx21nydbz9vsw1pitetb9mqvnplp_8e3knyk-mjv9dlaphkghyljfhygzka2190c5vfsllb1miegfdav7ftpfsaniwawl8zo0g-l0m7t2yg_7xerqcvk91lfifejtgxki86cpdzkgry6dayxmuawalhvpi3_uhpvsiwi7m6mxe8nunpuwodh_yjjnu3woxkdwbbzurv2itjy6z7rjfgjt1cskf-qjqsvvwjal0lacaems_8yae0ln5ynes8rab6xkmcouyeyhysibzwlrvgpxzevljlr631z99ouhtpp9vwjdpghfkrclkbmdtz-zcwx-efw6ndd54bjeq==";
    string exponent = "AQAB";
    modulus = modulus.Replace('-', '+').Replace('_', '/'); // else it gives a base64 error
    StringBuilder sb = new StringBuilder();
    sb.Append("<RSAKeyValue>");
    sb.Append("<Modulus>");
    sb.Append(modulus);
    sb.Append("</Modulus>");
    sb.Append("<Exponent>");
    sb.Append(exponent);
    sb.Append("</Exponent>");
    sb.Append("</RSAKeyValue>");
    RSACryptoServiceProvider rsaVerifier = new RSACryptoServiceProvider();
    rsaVerifier.FromXmlString(sb.ToString());
    // Verify signature with hash
    return rsaVerifier.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA256"), signature);

You might want to try what is done in the Google+ token verification project - this fork includes a few minor updates still in review.

An alternative approach is to verify tokens using Google's token verification endpoints:

curl https://www.googleapis.com/oauth2/v2/tokeninfo?id_token=eyjhbgcioijsuzi1niisimtpzci6ijkynge0nja2ndgxm2i5yta5zmfjzgjinzywzgi5otmwmwu0zjbkzjaifq.eyjpc3mioijhy2nvdw50cy5nb29nbguuy29tiiwic3viijoimtewntcwotc3mji2odmwntc3mjmwiiwiyxpwijoimzy0mzgxndqxmzewlxruogw2zny2owdnogy3a3vjanjhytfyzwpmaxrxbgpulmfwchmuz29vz2xldxnlcmnvbnrlbnquy29tiiwiyxrfagfzaci6ilazlu1hztdocwzhukz5si1qcwridhcilcjhdwqioiiznjqzode0ndezmtatdg44bdzmdjy5z2c4zjdrdwnqcmfhmxjlamzpdhfsam4uyxbwcy5nb29nbgv1c2vyy29udgvudc5jb20ilcjjx2hhc2gioijjd3hsdxbuskc4n2fnbu1pb0tsyuv3iiwiawf0ijoxndm0ndcyodc2lcjlehaioje0mzq0nzy0nzz9.gz_wljzov9nphddclaklstutekk65pnpeof7mxm2j-aofvwh-ss0l5uxiaknfok4-ndgmip42vrpygnvbqwkzy63xucs94yqgvvmtnctjnao1iavtrhyvpdqgugkdeb3wemg5ss81pethdvhwyxfwlpyukiht8-u4esfbfacsrtr77qriok-iljavywtroj05gpa-ektunebvmzyyetbmfsoykbwfkxyolhly-enz_xfhtghyhb-gygrrw0r4fyhb81iwj6jf-7w6y3riujik7kyrkvnfouxufsm8gbwxsioi9aakavuwuk27s15kcv-_hkpxzvrw5svr1zoti_imw 
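
Added example, not part of the original posts: local RS256 verification of a JWT in C#, where the signed data is the ASCII bytes of `header.payload` and the signature and the JWK `n`/`e` values are base64url-decoded to raw bytes. The class and method names, and the throwaway key and token built in `Main`, are assumptions constructed for illustration; they are not a Google key or token.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class Rs256Check
{
    // base64url (RFC 7515): '-' and '_' replace '+' and '/', and '=' padding is stripped.
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static string ToB64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // n and e are the base64url "n" and "e" members of the published key
    // whose "kid" matches the "kid" in the token header.
    public static bool VerifyRs256(string jwt, string n, string e)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) return false;
        // The signed bytes are the ASCII of "header.payload" exactly as transmitted.
        byte[] signingInput = Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]);
        byte[] signature = FromB64Url(parts[2]); // raw signature bytes, not a text encoding
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportParameters(new RSAParameters { Modulus = FromB64Url(n), Exponent = FromB64Url(e) });
            // VerifyData hashes signingInput with SHA-256 and checks the PKCS#1 v1.5 signature.
            return rsa.VerifyData(signingInput, signature,
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        // Constructed token signed with a throwaway key generated here.
        using (RSA key = RSA.Create())
        {
            RSAParameters pub = key.ExportParameters(false);
            string signed = ToB64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\"}")) + "." +
                            ToB64Url(Encoding.UTF8.GetBytes("{\"aud\":\"constructed-client-id\"}"));
            byte[] sig = key.SignData(Encoding.ASCII.GetBytes(signed),
                                      HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            string n = ToB64Url(pub.Modulus), e = ToB64Url(pub.Exponent);
            Console.WriteLine(VerifyRs256(signed + "." + ToB64Url(sig), n, e));  // untouched token
            Console.WriteLine(VerifyRs256(signed + "A." + ToB64Url(sig), n, e)); // altered payload
        }
    }
}
```

A valid signature only shows who signed the token; the `aud`, `iss` and `exp` claims still have to be checked as described on the backend-auth page linked in the question.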
