Reputation: 181
How to add custom claims to Google ID_Token with Google OAuth 2.0 for Web Server Applications
We have configured Google OAuth 2.0 for Web Server Applications as mentioned in https://developers.google.com/identity/protocols/oauth2/web-server#httprest.
Got the code using,
https://accounts.google.com/o/oauth2/v2/auth? scope=https%3A//www.googleapis.com/auth/drive.metadata.readonly& access_type=offline& include_granted_scopes=true& response_type=code& state=state_parameter_passthrough_value& redirect_uri=https%3A//oauth2.example.com/code& client_id=client_id.
Got JWT using,
POST /token HTTP/1.1 Host: oauth2.googleapis.com Content-Type: application/x-www-form-urlencoded
code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7& client_id=your_client_id& client_secret=your_client_secret& redirect_uri=https%3A//oauth2.example.com/code& grant_type=authorization_code
Now my decoded id_token looks like,
{
"alg": "RS256",
"kid": "b63ee0be093d9bc312d958c9966d21f0c8f6bbbb",
"typ": "JWT"
}.{
"iss": "https://accounts.google.com",
"azp": "640523414127-4eaptj129qb79v33pm0il71r4f506ts9.apps.googleusercontent.com",
"aud": "640523414127-4eaptj129qb79v33pm0il71r4f506ts9.apps.googleusercontent.com",
"sub": "118185565008542236388",
"email": "[email protected]",
"email_verified": true,
"at_hash": "K_sS85PI2ptkOIrUoWcM7Q",
"iat": 1595931406,
"exp": 1595935006
}.[Signature]
Now how can I add custom claim so that the above id_token contains my new claim, for example,
"policy": "readWrite"
And finally the decoded id_token should look like,
{
"alg": "RS256",
"kid": "b63ee0be093d9bc312d958c9966d21f0c8f6bbbb",
"typ": "JWT"
}.{
"iss": "https://accounts.google.com",
"azp": "640523414127-4eaptj129qb79v33pm0il71r4f506ts9.apps.googleusercontent.com",
"aud": "640523414127-4eaptj129qb79v33pm0il71r4f506ts9.apps.googleusercontent.com",
"sub": "118185565008542236388",
"email": "[email protected]",
"email_verified": true,
"at_hash": "K_sS85PI2ptkOIrUoWcM7Q",
"iat": 1595931406,
"exp": 1595935006,
**"policy": "readWrite"**
}.[Signature]
Upvotes: 5
Views: 3202
Answers (1)
Reputation: 1
Maybe it will help:
Configuring custom claims on users (...) Before you begin Install the Admin SDK. (...)
admin.auth().setCustomUserClaims(uid, {admin: true})https://cloud.google.com/identity-platform/docs/how-to-configure-custom-claims
Upvotes: -2
Related Questions
- How to add custom claims in JWT/idToken obtained from google workspace login
- Add custom claims to JWT ACCESS TOKEN using OIDC & WSO2 IS
- How to create custom claims in JWT using spring-authorization-server
- How to add custom claim to bearer token?
- Spring JWT - Add custom claims
- Add claims to a JWT token in OpenAM?
- Custom claims with Jwt Bearer Authentication
- To add google group as claims into a token
- Google API: Authenticating with oauth user id
- Google oAuth 2.0 (JWT token request) for Service Application