Reputation: 664
I'm trying to secure my endpoint using OpenID Connect. Currently there is only a mobile app client. With Google as the identity provider, I have an id_token and an access_token.
My question is: can I use this access token, returned as part of authentication, to authorize the user to access my endpoint? If yes, is there a way to validate the access token within my server?
Or should I create an access token for the user and store it, so that when the user makes a request, I can check it in the DB/Redis?
Upvotes: 0
Views: 97
Reputation: 664
As @jwilleke mentioned, OAuth 2.0 doesn't specify a way in which an access token can be validated with the authorization server.
Hence the approach I took was to verify the JWT ID token by checking its signature, and to store the access token returned along with it.
Upvotes: 0
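Added example (not code from this thread), in Go: the server-side check the answer above describes, verifying an RS256 ID token's signature and then its iss, aud and exp claims. The public key passed in stands in for the key you would fetch (by the token's kid) from the issuer's JWKS endpoint, for Google https://www.googleapis.com/oauth2/v3/certs; the key pair, the MintIDToken helper and the claim values are constructed here only to produce test input, and the caller supplies the current Unix time.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
// decodeSeg decodes one base64url JSON segment of a JWT; nil on any error.
func decodeSeg(s string) map[string]any {
	var m map[string]any
	if raw, err := base64.RawURLEncoding.DecodeString(s); err == nil && json.Unmarshal(raw, &m) == nil {
		return m
	}
	return nil
}
// VerifyIDToken checks an RS256 ID token: alg allow-list, signature against pub (standing in for the issuer's JWKS key), then iss, aud, exp.
func VerifyIDToken(tok string, pub *rsa.PublicKey, issuer, clientID string, now int64) (map[string]any, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed token")
	}
	if hdr := decodeSeg(p[0]); hdr == nil || hdr["alg"] != "RS256" { // rejects alg=none and HMAC key confusion
		return nil, errors.New("header alg not allowed")
	}
	sig, err := base64.RawURLEncoding.DecodeString(p[2])
	digest := sha256.Sum256([]byte(p[0] + "." + p[1])) // RS256 signs "header.payload"
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	claims := decodeSeg(p[1])
	if claims == nil || claims["iss"] != issuer || claims["aud"] != clientID {
		return nil, errors.New("bad payload or iss/aud mismatch")
	}
	if exp, _ := claims["exp"].(float64); float64(now) >= exp { // JSON numbers decode as float64; missing exp rejects
		return nil, errors.New("token expired")
	}
	return claims, nil
}
// MintIDToken signs claims as the issuer would; used here only to build test input (constructed key, not Google's).
func MintIDToken(priv *rsa.PrivateKey, claimsJSON string) string {
	s := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + base64.RawURLEncoding.EncodeToString([]byte(claimsJSON))
	d := sha256.Sum256([]byte(s))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	return s + "." + base64.RawURLEncoding.EncodeToString(sig)
}
```

In a real deployment the verifying key is chosen by the token header's kid from the cached JWKS, and the result of this check is what you map to a user session; the opaque access_token itself is not something the resource server can verify locally, as the answer notes.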
Reputation: 11046
OpenID Connect is an authentication layer on top of the "authorization" framework OAuth 2.0. So the access token is the "authorization" for the OAuth client to access the resource.
Perhaps this post may help.
Upvotes: 1