Authenticate the gToken cookie using c#


Rachna Mehta

Dec 7, 2015, 5:31:28 AM
to Google Identity Toolkit
Hi There,

I understand that you are missing the C# version of the libraries that would help to authenticate and validate the gtoken cookie provided after authenticating with Google Identity Toolkit. So I am trying to create my own in .NET Framework 4.5 using the NuGet package System.IdentityModel.Tokens by Microsoft.

I am having trouble getting the IssuerSigningKey. I am not sure if the client secret in the Google Developer Console is the issuer signing key, or whether I need the client secret to read the .p12 certificate file and then find the private key from the certificate to use to validate the token. If that's the case, what do I need to do, and how? Any suggestions?

Could someone please help me out?

Rachna

My code is as below:

I have gotten this far, but I am failing with the exception below in SoapUI (the KeyId is null):

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
   <s:Body>
      <AuthenticateTokenResponse xmlns="http://tempuri.org/">
         <AuthenticateTokenResult>JWT.SignatureVerificationException:IDX10503: Signature validation failed. Keys tried: 'System.IdentityModel.Tokens.SymmetricSecurityKey , KeyId:
'.
Exceptions caught:
 'System.InvalidOperationException: IDX10636: SignatureProviderFactory.CreateForVerifying returned null for key: 'System.IdentityModel.Tokens.SymmetricSecurityKey', signatureAlgorithm: 'RS256'.
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(Byte[] encodedBytes, Byte[] signature, SecurityKey key, String algorithm)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
'.
token: '{"alg":"RS256","typ":"JWT","kid":"qwYevA"}.{"iss":"https://identitytoolkit.google.com/","aud":"audience.com","iat":1449135894,"exp":1450345494,"user_id":"12345678900000000","email":"x...@gmail.com","provider_id":"google.com","verified":true,"display_name":"FirstName LastName"}'</AuthenticateTokenResult>
      </AuthenticateTokenResponse>
   </s:Body>
</s:Envelope>


My webservice function is as below:


// Requires: using System; using System.Linq; using System.Text;
string My_Service.AuthenticateToken(string aToken)
        {
            // Validate the token the caller passed in, rather than a hard-coded placeholder.
            var authToken = aToken;
            // This is the OAuth client secret from the Developer Console, not the key that signed the gtoken.
            var secretKey = "Client Secret from the google developer console";

            try
            {
                var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
                // Parses the JWT (header, claims) without validating the signature.
                var securityToken = tokenHandler.ReadToken(authToken);

                System.IdentityModel.Tokens.SecurityToken validatedToken = null;
                var validationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
                {
                    ValidAudience = "audience.com",
                    // Note: the token's "iss" claim above is "https://identitytoolkit.google.com/", which does not match this value.
                    ValidIssuer = "identitytoolkit.google.com",
                    // A SymmetricSecurityKey cannot verify an RS256 (RSA) signature; this is the
                    // key the IDX10503/IDX10636 message reports it "tried" and failed with.
                    IssuerSigningKey = new System.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey)),
                };

                var principal = tokenHandler.ValidateToken(authToken, validationParameters, out validatedToken);
                // Return the validated claims as "type=value" pairs.
                return string.Join("; ", principal.Claims.Select(c => c.Type + "=" + c.Value));
            }
            catch (Exception ex)
            {
                return "JWT.SignatureVerificationException:" + ex.Message;
            }
        }

Jin Liu

Dec 10, 2015, 2:22:08 AM
to Google Identity Toolkit
To validate the Google Identity Toolkit Json Web Token (JWT), you will need to download the X.509 cert of the signing key from https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys.

The endpoint may return a list of certs, since the Google Identity Toolkit server periodically rotates the signing key. The 'kid' field in the JWT indicates which cert in the list should be used to validate the signature. This StackOverflow answer http://stackoverflow.com/questions/33325534/google-identiy-toolkit-token-validation-exception-with-net-json-web-token-handl may be helpful for your questions.

Jin
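The procedure Jin describes, written out as an added C# example (this is not code from the thread or from Google's libraries): fetch the certificate set from the publicKeys endpoint, select the certificate by the token's kid, and let the JWT handler verify the RS256 signature with that certificate's RSA public key. It assumes the Microsoft.IdentityModel.Tokens / System.IdentityModel.Tokens.Jwt (5.x or later) and Newtonsoft.Json NuGet packages, and that the endpoint returns a JSON object mapping each kid to a PEM-encoded X.509 certificate; the audience value is a placeholder for your own project's audience.

```csharp
// Added example: validate a Google Identity Toolkit gtoken with the cert selected by "kid".
// Assumptions: Microsoft.IdentityModel.Tokens + System.IdentityModel.Tokens.Jwt 5.x+, Newtonsoft.Json,
// and a publicKeys response shaped like {"<kid>": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n"}.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json;

public static class GitkitTokenValidator
{
    // Endpoint named in the thread. Google rotates the signing key, so re-fetch periodically
    // (the response's Cache-Control max-age is a reasonable refresh interval).
    const string PublicKeysUrl = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys";

    // Parse the publicKeys JSON into X509SecurityKeys indexed by Google's "kid".
    public static Dictionary<string, SecurityKey> ParsePublicKeys(string json)
    {
        var pemByKid = JsonConvert.DeserializeObject<Dictionary<string, string>>(json);
        var keys = new Dictionary<string, SecurityKey>(StringComparer.Ordinal);
        foreach (var kv in pemByKid)
        {
            // X509Certificate2 accepts a PEM certificate as raw bytes (on .NET 5+ you can
            // also use X509Certificate2.CreateFromPem). Only the public key is needed here.
            var cert = new X509Certificate2(Encoding.ASCII.GetBytes(kv.Value));
            keys[kv.Key] = new X509SecurityKey(cert) { KeyId = kv.Key };
        }
        return keys;
    }

    public static async Task<Dictionary<string, SecurityKey>> FetchPublicKeysAsync(HttpClient http)
    {
        return ParsePublicKeys(await http.GetStringAsync(PublicKeysUrl));
    }

    // Returns the validated principal or throws a SecurityTokenException on any failure
    // (bad signature, unknown kid, wrong issuer/audience, expired).
    public static ClaimsPrincipal ValidateGtoken(string gtoken, string audience,
                                                 IReadOnlyDictionary<string, SecurityKey> keysByKid)
    {
        var handler = new JwtSecurityTokenHandler();

        // Read the header without trusting it: alg and kid are only used to pick the key.
        var unverified = handler.ReadJwtToken(gtoken);
        if (unverified.Header.Alg != SecurityAlgorithms.RsaSha256)
            throw new SecurityTokenInvalidSignatureException("expected RS256, got " + unverified.Header.Alg);

        var parameters = new TokenValidationParameters
        {
            // Must match the token's "iss" claim exactly, including scheme and trailing slash.
            ValidIssuer = "https://identitytoolkit.google.com/",
            ValidAudience = audience,          // assumption: your project's audience value
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            RequireSignedTokens = true,
            ClockSkew = TimeSpan.FromMinutes(2),
            // Select the certificate by kid. An unknown kid yields no candidate key, so the
            // handler rejects the token instead of trying every key it has.
            IssuerSigningKeyResolver = (token, securityToken, kid, p) =>
            {
                SecurityKey key;
                return kid != null && keysByKid.TryGetValue(kid, out key)
                    ? new[] { key }
                    : new SecurityKey[0];
            },
        };

        SecurityToken validated;
        return handler.ValidateToken(gtoken, parameters, out validated);
    }
}
```

Usage: `var keys = await GitkitTokenValidator.FetchPublicKeysAsync(new HttpClient()); var principal = GitkitTokenValidator.ValidateGtoken(gtokenCookieValue, "audience.com", keys);` The claims on the returned principal carry user_id, email, provider_id and verified from the token; treat the email as trustworthy only when verified is true. The client secret from the Developer Console plays no part in this: RS256 tokens are verified with Google's RSA public key, which is why a SymmetricSecurityKey built from the secret fails with IDX10636.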