How can I check the google token id sent from Android on Ruby on Rails server?

I have an android app with google app. According to the documentation, I created a token id:

// Configure Google Sign-In with the requestIdToken

GoogleSignInOptions googleSignInOptions = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestIdToken(getString(R.string.server_client_id))
                .requestEmail()
                .build();

// Handle result

private void handleSignInResult(GoogleSignInResult result) {
    if (result.isSuccess()) {
        GoogleSignInAccount account = result.getSignInAccount();
        String tokenId = account.getIdToken();
    }
}

      

I ran into a server side problem with Ruby on Rails. I am trying to use the google-id-token gem. See the README for an example:

validator = GoogleIDToken::Validator.new(expiry: 1800)
begin
  payload = validator.check(token, required_audience, required_client_id)
  email = payload['email']
rescue GoogleIDToken::ValidationError => e
  report "Cannot validate: #{e}"
end

      

I have token (from android javascript code). What is required_audience? Should I use the same client_id of my client application? When I try to run the code on the server, I get the payload as nil.

Also, I would like to know if this is the correct way to check the token id.



1 answer


After some research, I found the answers to my questions. Here they are:

What is required_audience?

It can be obtained from the decoded JWT string. You can decode it like this:

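# The third argument (false) skips signature verification; use this only to read claims such as aud
JWT.decode(token, nil, false)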

      

Should I use the same client_id of my client application?



Yes. required_audience and required_client_id should be the same. Otherwise, the check fails.

Then why did I get the payload as nil?

The problem is that the gem on GitHub and the one on RubyGems are different. I solved this problem by pointing the Gemfile to the gem on GitHub:

gem 'google-id-token', git: 'https://github.com/google/google-id-token.git'

      

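The checks that server-side ID token validation has to make (signature, issuer, audience equal to the server client ID, expiry), written out as an added example; it is not part of the original post and not the google-id-token gem's code. It uses only Ruby's standard library, and verify_id_token, sample_token, the key ID and the locally generated RSA key standing in for Google's signing keys are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'

class TokenError < StandardError; end

# Issuer values Google documents for ID tokens.
GOOGLE_ISSUERS = ['accounts.google.com', 'https://accounts.google.com'].freeze

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  text.tr('-_', '+/').unpack1('m')
end

# Decode one JWT segment into a Hash, rejecting anything that is not a JSON object.
def json_segment(text)
  parsed = JSON.parse(b64url_decode(text))
  raise TokenError, 'malformed segment' unless parsed.is_a?(Hash)
  parsed
rescue JSON::ParserError
  raise TokenError, 'malformed segment'
end

# Hypothetical helper: returns the claims only if every check passes.
# keys maps kid => RSA public key (constructed in tests; Google's certs in production).
def verify_id_token(token, keys, audience, now: Time.now.to_i)
  parts = token.to_s.split('.')
  raise TokenError, 'not a three-part JWT' unless parts.length == 3
  head, body, sig = parts
  header = json_segment(head)
  raise TokenError, 'unexpected alg' unless header['alg'] == 'RS256'
  key = keys[header['kid']]
  raise TokenError, 'unknown kid' unless key
  # The signature covers "header.payload" exactly as transmitted.
  valid = key.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(sig), "#{head}.#{body}")
  raise TokenError, 'bad signature' unless valid
  claims = json_segment(body)
  raise TokenError, 'wrong issuer' unless GOOGLE_ISSUERS.include?(claims['iss'])
  raise TokenError, 'wrong audience' unless claims['aud'] == audience
  raise TokenError, 'expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims
end

# Builds a constructed, locally signed token so the checks can be exercised offline.
def sample_token(private_key, claims, kid: 'constructed-kid')
  signed = "#{b64url_encode({ 'alg' => 'RS256', 'kid' => kid }.to_json)}.#{b64url_encode(claims.to_json)}"
  "#{signed}.#{b64url_encode(private_key.sign(OpenSSL::Digest.new('SHA256'), signed))}"
end
```

Claims read with an unverified decode are only trustworthy after the signature check passes, which is why the audience comparison runs after it.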