
I'm trying to get OpenID working with OAuth 2 for using Google's API. I only want the user to have to "grant access" once when they login for the first time. Here is the flow I have so far:

  1. User clicks "Login with Google"
  2. My server signs in the User with OpenID. With federated login I receive an OAuth Request Token.

From https://developers.google.com/accounts/docs/OpenID#oauth it says the next step is to exchange the request token for an access token. However, I see a couple of problems with this:

  1. It is an OAuth 1 API call.
  2. It requires a verifier. Don't I need the user to "grant access" to receive the verifier? How is this federated?

Thanks for any help!

Brian DiCasa

1 Answer


You should use OAuth 2.0 based authentication: https://developers.google.com/accounts/docs/OAuth2Login

This is also referred to as OpenID Connect.

This will redirect to your site with an authorization code. You then exchange that for an access token. You can validate the access token by calling the TokenInfo endpoint with a simple REST request. This will give you a simple userid identifier.

Afterwards, you make a call to get the detailed profile information, such as name + email, etc.

You can see more about how it works with this great demo: http://oauthssodemo.appspot.com/

Ryan Boyd
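The four steps in the answer (redirect with an authorization code, exchange it for an access token, validate the token at the TokenInfo endpoint, then read the user id) as a server-side Python sketch. This is an added example, not code from the question, the answer, or Google; the endpoint URLs, the `openid email profile` scope string, and the JSON field names (`aud`/`sub` in v3 TokenInfo, `audience`/`user_id` in the older v1 response) are assumptions to confirm against the current Google documentation. The HTTP calls are injectable so the logic can be exercised offline with constructed responses; `client_id`, `client_secret` and `redirect_uri` are placeholders you supply from your own Google API project.

```python
import hmac
import json
import secrets
import urllib.parse
import urllib.request

# Assumed endpoint URLs; confirm them against Google's current OAuth 2.0 /
# OpenID Connect documentation before using this in a real login.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
TOKENINFO_ENDPOINT = "https://www.googleapis.com/oauth2/v3/tokeninfo"


def new_state():
    """Unguessable per-login value kept in the user's session and echoed back
    by Google; it ties the callback to the browser that started the login."""
    return secrets.token_urlsafe(32)


def build_auth_url(client_id, redirect_uri, state):
    """Step 1: the URL the "Login with Google" button sends the browser to."""
    params = {
        "response_type": "code",           # authorization-code flow
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",   # identity scopes (assumed string)
        "state": state,
    }
    return AUTH_ENDPOINT + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 2: Google redirects back with ?code=...&state=...; refuse the
    callback unless the state matches the one stored in this session."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authorization refused: %s" % query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback not tied to this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def _http_post(url, form_body):
    req = urllib.request.Request(url, data=form_body, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode("utf-8")


def _http_get(url):
    with urllib.request.urlopen(url) as resp:
        return resp.read().decode("utf-8")


def exchange_code(code, client_id, client_secret, redirect_uri, post=_http_post):
    """Step 3: server-to-server exchange of the one-time code for tokens.
    The code never leaves the server side of the exchange and the client
    secret never reaches the browser."""
    form = urllib.parse.urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,      # must equal the one used in step 1
        "grant_type": "authorization_code",
    }).encode("utf-8")
    token = json.loads(post(TOKEN_ENDPOINT, form))
    if "access_token" not in token:
        raise ValueError("token endpoint returned no access_token: %r" % token)
    return token


def validate_access_token(access_token, client_id, get=_http_get):
    """Step 4: ask the TokenInfo endpoint about the token and return the
    stable user id. Checking the audience against our own client_id is what
    stops a token issued to some other application from logging a user in here."""
    url = TOKENINFO_ENDPOINT + "?" + urllib.parse.urlencode({"access_token": access_token})
    info = json.loads(get(url))
    audience = info.get("aud", info.get("audience"))   # v3 "aud", v1 "audience"
    if audience != client_id:
        raise ValueError("token was not issued to this client_id")
    if int(info.get("expires_in", 0)) <= 0:
        raise ValueError("token has expired")
    user_id = info.get("sub", info.get("user_id"))     # v3 "sub", v1 "user_id"
    if not user_id:
        raise ValueError("tokeninfo response carries no user id")
    return user_id


if __name__ == "__main__":
    # Constructed walk-through with fake HTTP responses (no network needed).
    cid, cb_uri = "PLACEHOLDER_CLIENT_ID", "https://app.example/oauth2callback"
    st = new_state()
    print(build_auth_url(cid, cb_uri, st))
    code = parse_callback(cb_uri + "?state=" + st + "&code=4%2Fexample-code", st)
    tok = exchange_code(code, cid, "PLACEHOLDER_SECRET", cb_uri,
                        post=lambda u, b: '{"access_token": "ya29.constructed", "expires_in": 3600}')
    uid = validate_access_token(tok["access_token"], cid,
                                get=lambda u: '{"aud": "%s", "sub": "1234567890", "expires_in": "3599"}' % cid)
    print("logged in Google user id:", uid)
```

The `state` check and the audience check are the two places where skipping a step turns a working login into an account-linking bug: without `state`, any callback can be replayed into a victim's session; without the audience check, an access token granted to a different application is accepted as proof of identity here. The profile call the answer mentions would follow `validate_access_token` using the returned access token.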