0
votes

How can a web-application redirect a user to Google for authentication and include a signed request in the URL argument to Google's OAuth 2.0 end-point?

For example, how can the following clear-text request be converted to a signed and encrypted request?

https://accounts.google.com/o/oauth2/auth?client_id=424911365001.apps.googleusercontent.com&response_type=code&scope=openid%20email&redirect_uri=https://oa2cb.example.com/&state=security_token%3D138r5719ru3e1%26url%3Dhttps://oa2cb.example.com/myHome&[email protected]&openid.realm=example.com&hd=example.com


2 Answers

0
votes

You can't. Redirect URI is just the location of the page to return the Authentication to, the one that can handle the call. It must be a static page, path.

It clearly states in the Google Developer Console:

One URI per line. Needs to have a protocol, no URL fragments, and no relative paths. Can't be a non-private IP Address.

Valid Redirect URIs

http://localhost/authorize/ 
http://localhost/google-api-php-client-samples/PlusLogin/index.php 
http://test.daimto.com/Oauth2.php 
http://WWW.daimto.com/Oauth2.php 

Oauth2 Example:

https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri=http://localhost/google-api-php-client-samples/Analytics/Oauth2.php&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code

0
votes

There's no way to send signed (or encrypted) authentication requests to Google's authorization endpoint at present because Google does not support that.

Yet Google's authentication protocol is OpenID Connect compliant and the specification has an optional feature that allows sending authentication requests represented in JWTs, which can be signed and/or encrypted JSON objects. See: http://openid.net/specs/openid-connect-core-1_0.html#RequestObject In the future Google may start to support that feature, but at present it does not.
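
An added example, not part of either answer and not Google's or any provider's code: the signed request object from the OpenID Connect specification linked above, built by a client and checked by a provider that supports it, using HS256 with the client secret as the key. The provider `https://op.example.com`, the client ID, the secret and the `state` value are constructed assumptions; as the answer says, Google's endpoint does not accept this.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlencode

# Constructed sample values (assumptions, not from the page or any real provider).
CLIENT_ID = "client-123.example"
CLIENT_SECRET = "constructed-secret-for-demo-only"
ISSUER = "https://op.example.com"
PARAMS = {"response_type": "code", "client_id": CLIENT_ID, "scope": "openid email",
          "redirect_uri": "https://oa2cb.example.com/", "state": "138r5719ru3e1"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256).digest()

def make_request_object(params: dict, secret: str, issuer: str) -> str:
    """Client side: wrap the request parameters in an HS256-signed compact JWT."""
    claims = dict(params, iss=params["client_id"], aud=issuer)
    parts = [b64url(json.dumps(obj, separators=(",", ":")).encode())
             for obj in ({"alg": "HS256"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(mac(signing_input, secret))

def verify_request_object(token: str, secret: str, client_id: str, issuer: str) -> dict:
    """Provider side: pin the algorithm, check the MAC, then check iss and aud."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # rejects alg=none and algorithm swaps
    if not hmac.compare_digest(mac(head + "." + body, secret), b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("iss") != client_id or claims.get("aud") != issuer:
        raise ValueError("wrong iss or aud")
    return claims

def authorization_url(endpoint: str, params: dict, secret: str, issuer: str) -> str:
    """client_id, response_type and scope stay in the query; the JWT goes in `request`."""
    query = {k: params[k] for k in ("client_id", "response_type", "scope")}
    query["request"] = make_request_object(params, secret, issuer)
    return endpoint + "?" + urlencode(query)
```

Signing gives integrity only: the claims are still readable by anyone who sees the URL, so confidentiality needs the encrypted (JWE) form the specification also describes.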