4
votes

I'm trying to do this:

https://developers.google.com/identity/sign-in/web/backend-auth#calling-the-tokeninfo-endpoint

I copy pasted the Java code from the example, with my CLIENT_ID, but I can't get any more information than user id, email and email verified. idTokenString verifies OK. Have anyone else got this to work?

I asked for these in OAuth 2.0 Playground:

https://www.googleapis.com/auth/plus.login

https://www.googleapis.com/auth/plus.me

https://www.googleapis.com/auth/userinfo.email

https://www.googleapis.com/auth/userinfo.profile

https://www.googleapis.com/auth/plus.moments.write

https://www.googleapis.com/auth/plus.profile.agerange.read

https://www.googleapis.com/auth/plus.profile.language.read

https://www.googleapis.com/auth/plus.circles.members.read

I guess the user.profile is the one i need only?

This is my code:

GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
                .setAudience(Arrays.asList(CLIENT_ID))
                .setIssuer("accounts.google.com")
                .build();

        GoogleIdToken idToken = verifier.verify(idTokenString);
        System.out.println("SUCCESS!");
        System.out.println(idToken);

        if (idToken != null) {
            GoogleIdToken.Payload payload = idToken.getPayload();

            // Print user identifier
            String userId = payload.getSubject();
            System.out.println("User ID: " + userId);

            // Get profile information from payload
            String email = payload.getEmail();
            boolean emailVerified = payload.getEmailVerified();
            String name = (String) payload.get("name");
            String pictureUrl = (String) payload.get("picture");
            String locale = (String) payload.get("locale");
            String familyName = (String) payload.get("family_name");
            String givenName = (String) payload.get("given_name");

            // Use or store profile information
            // ...
            System.out.println(email);
            System.out.println(emailVerified);
            System.out.println(name);
            System.out.println(pictureUrl);
            System.out.println(locale);
            System.out.println(familyName);
            System.out.println(givenName);


        } else {
            System.out.println("Invalid ID token.");
        }
    } catch (GeneralSecurityException | IOException e) {

        System.out.println("ERRRRO! Invalid ID token.");
    }

Using: java-api-client 1.20.0

1

1 Answers

3
votes

I encountered the same issue today using com.google.api-client:google-api-client:1.22.0

But I was able to solve it.

Problem

When trying to get id token from OAuth2 playground I've noticed that there is this request

POST /oauth2/v4/token HTTP/1.1 Host: www.googleapis.com

The Google library has hard coded TOKEN_SERVER_URL in GoogleOAuthConstants with value https://accounts.google.com/o/oauth2/token

Fix

To fix it I've created following class

public class GoogleAuthorizationCodeTokenV4Request extends GoogleAuthorizationCodeTokenRequest {


    public GoogleAuthorizationCodeTokenV4Request(HttpTransport transport, JsonFactory jsonFactory, String clientId, String
            clientSecret, String code, String redirectUri) {
        super(transport, jsonFactory, "https://www.googleapis.com/oauth2/v4/token", clientId, clientSecret,
            code, redirectUri);
    }
}

And then just invoke it instead the original GoogleAuthorizationCodeTokenRequest

return new GoogleAuthorizationCodeTokenV4Request(new NetHttpTransport(), JacksonFactory.getDefaultInstance(),
                clientId, secret, authToken, callBack)
                .execute();

With profile scope all information (picture, names, ...) are in id_token