New Problem with login using google in OpenID Connect return Invalid Id Token that print invalid payload
49 views
Skip to first unread message
Carl Andin Michel Sanon
Nov 7, 2016, 11:15:13 AM11/7/16
to Google Cloud SQL discuss
Hi Everyone,
We have our web application under Appengine server that's worked very well since April 2016, now users can't connect because of invalid id token from google. I try to see what change the developer from google has made, I can't see. Here is a log from google below that's print My payload finish with an "?". Someone has already found this problem?. I need your help please because users can't connect .
Best Regards.
[s~xxxxx/v1-0-4.396821290758257501].<stdout>: {"iss":"accounts.google.com","iat":1478529880,"exp":1478533480,"at_hash":"0gp2l3j9SSSI0cUDuYAJ-w","aud":"xxxxx.apps.googleusercontent.com","sub":"103993690248691064163","email_verified":true,"azp":"xxxxxxxx.apps.googleusercontent.com","hd":"xxxx.gouv.ht","email":"x...@gmail.com"B'?
We have our web application under Appengine server that's worked very well since April 2016, now users can't connect because of invalid id token from google. I try to see what change the developer from google has made, I can't see. Here is a log from google below that's print My payload finish with an "?". Someone has already found this problem?. I need your help please because users can't connect .
Best Regards.
[s~xxxxx/v1-0-4.396821290758257501].<stdout>: {"iss":"accounts.google.com","iat":1478529880,"exp":1478533480,"at_hash":"0gp2l3j9SSSI0cUDuYAJ-w","aud":"xxxxx.apps.googleusercontent.com","sub":"103993690248691064163","email_verified":true,"azp":"xxxxxxxx.apps.googleusercontent.com","hd":"xxxx.gouv.ht","email":"x...@gmail.com"B'?
Adam (Cloud Platform Support)
Nov 8, 2016, 12:41:15 PM11/8/16
to Google Cloud SQL discuss
Could you share the details about how you're making the request that produces the invalid token?
[s~xxxxx/v1-0-4.396821290758257501].<stdout>: {"iss":"accounts.google.com","iat":1478529880,"exp":1478533480,"at_hash":"0gp2l3j9SSSI0cUDuYAJ-w","aud":"xxxxx.apps.googleusercontent.com","sub":"103993690248691064163","email_verified":true,"azp":"xxxxxxxx.apps.googleusercontent.com","hd":"xxxx.gouv.ht","email":"xxx...@gmail.com"B'?
Carl Andin Michel Sanon
Nov 8, 2016, 2:37:32 PM11/8/16
to Google Cloud SQL discuss
Hi Adam
Thanx for your support.
This is the detail of my process : I have
1- A jsp for login that contains this form
<form action="https://accounts.google.com/o/oauth2/auth" method="get" name="loginForm">
<input type="hidden" name="response_type" value="token id_token" />
<input type="hidden" name="client_id" value="xxxxxx.apps.googleusercontent.com" />
<input type="hidden" name="redirect_uri" value="http://xxxxxxxx.appspot.com/xxxx.jsp" />
<input type="hidden" name="scope" value="openid email" />
<input type="hidden" name="access_type" value="online" />
<input type="hidden" name="approval_prompt" value="auto" />
<input type="hidden" name="openid.realm" value="http://xxxxxxxxx.appspot.com/" />
</form>
When we submit the form above I receive the response that contains the id_token in the page xxxx.jsp
2- In the page xxxxx.jsp I use this function below to retrieve the email
public String getEmailFromURL(String idToken){
System.out.println(idToken);
String[] jwtParts = idToken.split("\\.");
String payload = "";
JSONObject json = null;
payload = new String( Base64.decode(jwtParts[1].getBytes()));
System.out.println(payload);
//logger.info("Payload: "+payload);
//json = (JSONObject) JSONValue.parse(payload);\
String email = getEmail(payload);
if(payload!=null)
System.out.println(email);
//logger.info("Email: "+json.get("email"));
return email;
}
Remember that its worked very well since April 2016, but on October 22, 2016 Its not working, because the id_token is invalid. The statement "System.out.println(payload);" that's print the payload with an ? in the console of the cloud.
Best Regards.
Thanx for your support.
This is the detail of my process : I have
1- A jsp for login that contains this form
<form action="https://accounts.google.com/o/oauth2/auth" method="get" name="loginForm">
<input type="hidden" name="response_type" value="token id_token" />
<input type="hidden" name="client_id" value="xxxxxx.apps.googleusercontent.com" />
<input type="hidden" name="redirect_uri" value="http://xxxxxxxx.appspot.com/xxxx.jsp" />
<input type="hidden" name="scope" value="openid email" />
<input type="hidden" name="access_type" value="online" />
<input type="hidden" name="approval_prompt" value="auto" />
<input type="hidden" name="openid.realm" value="http://xxxxxxxxx.appspot.com/" />
</form>
When we submit the form above I receive the response that contains the id_token in the page xxxx.jsp
2- In the page xxxxx.jsp I use this function below to retrieve the email
public String getEmailFromURL(String idToken){
System.out.println(idToken);
String[] jwtParts = idToken.split("\\.");
String payload = "";
JSONObject json = null;
payload = new String( Base64.decode(jwtParts[1].getBytes()));
System.out.println(payload);
//logger.info("Payload: "+payload);
//json = (JSONObject) JSONValue.parse(payload);\
String email = getEmail(payload);
if(payload!=null)
System.out.println(email);
//logger.info("Email: "+json.get("email"));
return email;
}
Remember that its worked very well since April 2016, but on October 22, 2016 Its not working, because the id_token is invalid. The statement "System.out.println(payload);" that's print the payload with an ? in the console of the cloud.
Best Regards.
On Monday, November 7, 2016 at 11:15:13 AM UTC-5, Carl Andin Michel Sanon wrote:
[s~xxxxx/v1-0-4.396821290758257501].<stdout>: {"iss":"accounts.google.com","iat":1478529880,"exp":1478533480,"at_hash":"0gp2l3j9SSSI0cUDuYAJ-w","aud":"xxxxx.apps.googleusercontent.com","sub":"103993690248691064163","email_verified":true,"azp":"xxxxxxxx.apps.googleusercontent.com","hd":"xxxx.gouv.ht","email":"xxx...@gmail.com"B'?
Adam (Cloud Platform Support)
Nov 11, 2016, 3:05:26 PM11/11/16
to Google Cloud SQL discuss
What does the raw response look like before you parse out the payload? In the interest of troubleshooting, have you tested the request and response using a plain servlet instead of a form and JSP?
Reply all
Reply to author
Forward
0 new messages