We have configured Google OAuth 2.0 for Web Server Applications as mentioned in https://developers.google.com/identity/protocols/oauth2/web-server#httprest.
Got the code using,
https://accounts.google.com/o/oauth2/v2/auth? scope=https%3A//www.googleapis.com/auth/drive.metadata.readonly& access_type=offline& include_granted_scopes=true& response_type=code& state=state_parameter_passthrough_value& redirect_uri=https%3A//oauth2.example.com/code& client_id=client_id.
Got JWT using,
POST /token HTTP/1.1 Host: oauth2.googleapis.com Content-Type: application/x-www-form-urlencoded
code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7& client_id=your_client_id& client_secret=your_client_secret& redirect_uri=https%3A//oauth2.example.com/code& grant_type=authorization_code
Now my decoded id_token looks like,
{
"alg": "RS256",
"kid": "b63ee0be093d9bc312d958c9966d21f0c8f6bbbb",
"typ": "JWT"
}.{
"iss": "https://accounts.google.com",
"azp": "640523414127-4eaptj129qb79v33pm0il71r4f506ts9.apps.googleusercontent.com",
"aud": "640523414127-4eaptj129qb79v33pm0il71r4f506ts9.apps.googleusercontent.com",
"sub": "118185565008542236388",
"email": "[email protected]",
"email_verified": true,
"at_hash": "K_sS85PI2ptkOIrUoWcM7Q",
"iat": 1595931406,
"exp": 1595935006
}.[Signature]
Now how can I add custom claim so that the above id_token contains my new claim, for example,
"policy": "readWrite"
And finally the decoded id_token should look like,
{
"alg": "RS256",
"kid": "b63ee0be093d9bc312d958c9966d21f0c8f6bbbb",
"typ": "JWT"
}.{
"iss": "https://accounts.google.com",
"azp": "640523414127-4eaptj129qb79v33pm0il71r4f506ts9.apps.googleusercontent.com",
"aud": "640523414127-4eaptj129qb79v33pm0il71r4f506ts9.apps.googleusercontent.com",
"sub": "118185565008542236388",
"email": "[email protected]",
"email_verified": true,
"at_hash": "K_sS85PI2ptkOIrUoWcM7Q",
"iat": 1595931406,
"exp": 1595935006,
**"policy": "readWrite"**
}.[Signature]
