Migrating from Google OpenID to new OAuth 2

Question

I see that there are some questions about this already but none that i found goes into any details.

I have using my own code from DotNetOpenAuth before but now i dec

Answer 1

sub and openid_id fields are contained in the OpenID Connect ID token, rather than the access token.

You can get an ID token either via the token endpoint (same one that you use to retrieve access tokens) or alternatively you can also retrieve it directly from the OpenID Connect authentication request (by adding id_token to the response_type parameter, potentially saving a back-end call to the token endpoint).

Hope that helps!

--

Sample of how to obtain an ID token

(flows generated using oauthplayground -- highly recommended tool to debug OAuth2/OpenID Connect flows)

1. Go to https://developers.google.com/oauthplayground
2. Select (for instance) Oauth2 API v2 userinfo.email scope
3. Click Authorize APIs
4. Approve OAuth2 request
5. Press the "Exchange authorization code for tokens" button.

You can see all http requests/responses. Interestingly, the response to the call to Google's token API contains

{ "access_token": "ya29.XYZ", "token_type": "Bearer", "expires_in": 3600, "refresh_token": "1/KgXYZ", "id_token": "my.id.token" }

You can base 64 decode the payload of the obtained ID token (in this example "id") and get all relevant user information. To do base 64 decoding manually you can use any online tools (see https://www.base64decode.org/ for instance).