how to verify google openid response

Question

I\'m trying to add authorization throw google openid to my users. I\'m receiving id (https://www.google.com/accounts/o8/id?id=AIt...Ew-Bo) but how can i check that it\'s legit.

Answer 1

Rather than trying to implement discovery and signature verification by yourself, you really ought to use one of the many libraries that have already been created for this purpose. Here are a bunch for various programming languages:

http://openid.net/developers/libraries/