C# - Migrating from Google OpenID to new OAuth 2


I see there are questions on this, but none that I found goes into details.

I had been using my own code with DotNetOpenAuth before I decided to switch to the Microsoft wrapper for authentication. Anyway, I found this OAuth client:

https://github.com/mj1856/dotnetopenauth.googleoauth2

It seems to work fine, but now comes the migration part. In my current login system I save the full OpenID URL that Google returns, in the form of:

https://www.google.com/accounts/o8/id?id=????????????????????????????????????

According to the documentation here, https://developers.google.com/accounts/docs/openid, I should be able to get this value in some way via the new OAuth system.

I have included the "openid.realm" parameter in the auth request.

    return BuildUri(AuthorizationEndpoint, new NameValueCollection
        {
            { "response_type", "code" },
            { "client_id", _clientId },
            { "scope", string.Join(" ", scopes) },
            { "redirect_uri", returnUrl.GetLeftPart(UriPartial.Path) },
            { "state", state },
            // Realm that was used for the old OpenID 2 logins
            { "openid.realm", "http://myoldopenidrealm" }
        });

And as far as I understand the documentation, that should be all I need to do. I have made sure that the realm I used for OpenID 2 authentication is the same, and it's the same return URL.

After I've done that, I do the token request, and as I understand it, it's here that I should see the "open_id" field, but I cannot understand how to get it.

    protected override string QueryAccessToken(Uri returnUrl, string authorizationCode) {
        // Build the form body for the authorization-code exchange
        var postData = HttpUtility.ParseQueryString(string.Empty);
        postData.Add(new NameValueCollection
            {
                { "grant_type", "authorization_code" },
                { "code", authorizationCode },
                { "client_id", _clientId },
                { "client_secret", _clientSecret },
                { "redirect_uri", returnUrl.GetLeftPart(UriPartial.Path) },
            });

        var webRequest = (HttpWebRequest)WebRequest.Create(TokenEndpoint);

        webRequest.Method = "POST";
        webRequest.ContentType = "application/x-www-form-urlencoded";

        using (var s = webRequest.GetRequestStream())
        using (var sw = new StreamWriter(s))
            sw.Write(postData.ToString());

        using (var webResponse = webRequest.GetResponse()) {
            var responseStream = webResponse.GetResponseStream();
            if (responseStream == null)
                return null;

            using (var reader = new StreamReader(responseStream)) {
                var response = reader.ReadToEnd();
                var json = JObject.Parse(response);
                // Only access_token is read from the token response here
                var accessToken = json.Value<string>("access_token");
                return accessToken;
            }
        }
    }

This is what the documentation says, and I can't see either the "sub" or the "openid_id" field.

*The response from that token request includes the usual fields (access_token, etc.), plus an openid_id field and the standard OpenID Connect sub field. The fields you need in this context are openid_id and sub:*

The sub and openid_id fields are contained in the OpenID Connect ID token, rather than the access token.

You can get an ID token either via the token endpoint (the same one you use to retrieve access tokens), or alternatively you can retrieve it directly from the OpenID Connect authentication request (by adding id_token to the response_type parameter, potentially saving a back-end call to the token endpoint).

Hope that helps!

--

Sample of how to obtain an ID token

(Flows generated using OAuthPlayground -- a highly recommended tool to debug OAuth2/OpenID Connect flows)

  1. Go to https://developers.google.com/oauthplayground
  2. Select (for instance) the OAuth2 API v2 userinfo.email scope
  3. Click Authorize APIs
  4. Approve the OAuth2 request
  5. Press the "Exchange authorization code for tokens" button.

You can see all the HTTP requests/responses. Interestingly, the response to the call to Google's token API contains

    {
      "access_token": "ya29.xyz",
      "token_type": "bearer",
      "expires_in": 3600,
      "refresh_token": "1/kgxyz",
      "id_token": "my.id.token"
    }

You can base 64 decode the payload of the obtained ID token (in this example "id") and get the relevant user information. To do the base 64 decoding manually, you can use online tools (see https://www.base64decode.org/ for instance).
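
Added example, not part of the original answer or of the DotNetOpenAuth.GoogleOAuth2 project: reading `sub` and `openid_id` out of the `id_token` in the token response locally, in C# with Json.NET as in the question's code, so the token never leaves the server. `GoogleIdToken`, `ReadClaims` and all sample values are hypothetical; the two accepted `iss` strings are the issuer values Google documents for its ID tokens.

```csharp
using System;
using System.Text;
using Newtonsoft.Json.Linq;

public static class GoogleIdToken
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    // Reads id_token from the token-endpoint JSON and returns its decoded claims.
    public static JObject ReadClaims(string tokenResponseJson, string clientId)
    {
        var idToken = JObject.Parse(tokenResponseJson).Value<string>("id_token");
        if (string.IsNullOrEmpty(idToken))
            throw new InvalidOperationException("No id_token in token response.");
        var parts = idToken.Split('.');   // header.payload.signature
        if (parts.Length != 3)
            throw new FormatException("id_token is not a three-part JWT.");
        var claims = JObject.Parse(Encoding.UTF8.GetString(FromBase64Url(parts[1])));

        // Signature is NOT checked: tolerable only for a token fetched directly from
        // the token endpoint over TLS, not for one taken from the browser redirect.
        var iss = claims.Value<string>("iss");
        if (iss != "accounts.google.com" && iss != "https://accounts.google.com")
            throw new InvalidOperationException("Unexpected issuer: " + iss);
        if (claims.Value<string>("aud") != clientId)   // assumes a single string aud
            throw new InvalidOperationException("id_token was issued to another client.");
        if (Epoch.AddSeconds(claims.Value<long>("exp")) <= DateTime.UtcNow)
            throw new InvalidOperationException("id_token has expired.");
        return claims;
    }

    static byte[] FromBase64Url(string s)
    {
        // JWT segments use the URL-safe alphabet and drop the '=' padding.
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    public static void Main()
    {
        // Constructed sample: unsigned token built locally, not a real Google response.
        var payload = new JObject { { "iss", "accounts.google.com" }, { "aud", "my-client-id" },
            { "exp", 4102444800L }, { "sub", "1234567890" },
            { "openid_id", "https://www.google.com/accounts/o8/id?id=CONSTRUCTED" } };
        var b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(payload.ToString()))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var response = new JObject { { "access_token", "ya29.xyz" }, { "id_token", "e30." + b64 + ".sig" } };
        var claims = ReadClaims(response.ToString(), "my-client-id");
        Console.WriteLine("sub = {0}, openid_id = {1}", claims["sub"], claims["openid_id"]);
    }
}
```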

