Invalid Google OAuth2 Token?

I have a valid OAuth2 token that Google accepts, but GoogleIdTokenVerifier cannot even parse it.

Token: ya29.1.AADtN_XcjzHgauKetBvrbgHImGFg1pjiHRQAKHyTglBDjEZsTPUMQJ5p-xAKtk955_4r6MdnTe3HZ08 (not worried, it has already expired).

I got it on Android using

accountManager.blockingGetAuthToken(account, "oauth2:https://www.googleapis.com/auth/userinfo.email", true);

When I call https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=... I get a reasonable result, for example

{
  "issued_to": "34951113407.apps.googleusercontent.com",
  "audience": "34951113407.apps.googleusercontent.com",
  "scope": "https://www.googleapis.com/auth/userinfo.email",
  "expires_in": 3175,
  "email": "me@gmail.com",
  "verified_email": true,
  "access_type": "offline"
}

Therefore, it must be a valid token. But when I call

new GoogleIdTokenVerifier(new UrlFetchTransport(), JacksonFactory.getDefaultInstance())
    .verify(authToken)

it gives me

com.fasterxml.jackson.core.JsonParseException: Unexpected character ('É' (code 201)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
 at [Source: java.io.ByteArrayInputStream@69886979; line: 1, column: 2]
    at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1378)
    at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:599)
    at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:520)
    at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._handleUnexpectedValue(UTF8StreamJsonParser.java:2275)
    at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._nextTokenNotInObject(UTF8StreamJsonParser.java:788)
    at com.fasterxml.jackson.core.json.UTF8StreamJsonParser.nextToken(UTF8StreamJsonParser.java:674)
    at com.google.api.client.json.jackson2.JacksonParser.nextToken(JacksonParser.java:55)
    at com.google.api.client.json.JsonParser.startParsing(JsonParser.java:213)
    at com.google.api.client.json.JsonParser.parse(JsonParser.java:372)
    at com.google.api.client.json.JsonParser.parse(JsonParser.java:328)
    at com.google.api.client.json.JsonParser.parseAndClose(JsonParser.java:158)
    at com.google.api.client.json.JsonParser.parseAndClose(JsonParser.java:140)
    at com.google.api.client.json.JsonFactory.fromInputStream(JsonFactory.java:206)
    at com.google.api.client.json.webtoken.JsonWebSignature$Parser.parse(JsonWebSignature.java:480)
    at com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.parse(GoogleIdToken.java:57)
    at com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier.verify(GoogleIdTokenVerifier.java:190)

Debugging JsonWebSignature, it seems that the token payload is equal to 1.

  • Android 4.4.2
  • com.google.http-client:google-http-client-jackson2:1.17.0-gs
  • com.fasterxml.jackson.core:jackson-core:2.3.0 ( 2.1.3 google-http-client-jackson) GsonFactory, , JsonWebSignature.parse().

? ?

+3

.

OAuth2 access_token - , , , .

, GoogleIdTokenVerifier: OpenID Connect id_token. , , - , , , ( !).

, , [GoogleAuthUtil#getToken(android.content.Context, java.lang.String, java.lang.String)](https://developers.google.com/android/reference/com/google/android/gms/auth/GoogleAuthUtil#getToken(android.content.Context, java.lang.String, java.lang.String)) - id_token String - , , openid oauth2:https://www.googleapis.com/auth/userinfo.email.

, , , , :)

+5
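Why the parse fails, shown as an added example (not code from the question, the answer, or the Google client library): a JWS parser base64url-decodes the first dot-separated segment and reads it as a JSON header, and for the access token above that segment is "ya29", which decodes to a byte 201 ('É'), while the second segment is the literal "1". The class and method names (TokenKind, classify, firstHeaderByte) and the id_token-shaped sample are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class TokenKind {
    enum Kind { JWS_COMPACT, OPAQUE }

    /** Structural pre-check only: it does NOT verify signature, issuer, audience or expiry. */
    static Kind classify(String token) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return Kind.OPAQUE;   // compact JWS is header.payload.signature
        try {
            byte[] header = Base64.getUrlDecoder().decode(parts[0]);
            String json = new String(header, StandardCharsets.UTF_8).trim();
            // A JWS header is a JSON object that names the signing algorithm.
            boolean looksLikeHeader = json.startsWith("{") && json.contains("\"alg\"");
            return looksLikeHeader ? Kind.JWS_COMPACT : Kind.OPAQUE;
        } catch (IllegalArgumentException e) {       // segment is not valid base64url
            return Kind.OPAQUE;
        }
    }

    /** First byte of the decoded first segment, i.e. the first character a JSON parser sees. */
    static int firstHeaderByte(String token) {
        String first = token.split("\\.", -1)[0];
        return Base64.getUrlDecoder().decode(first)[0] & 0xFF;
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // The expired access token quoted in the question.
        String accessToken = "ya29.1.AADtN_XcjzHgauKetBvrbgHImGFg1pjiHRQAKHyTglBDjEZsTPUMQJ5p-xAKtk955_4r6MdnTe3HZ08";
        // Constructed id_token-shaped sample; the signature is a placeholder, not a real one.
        String idTokenShaped = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "."
                + b64("{\"iss\":\"accounts.google.com\",\"aud\":\"client-id.example\"}") + "."
                + b64("placeholder-signature");

        System.out.println(classify(accessToken));        // OPAQUE
        System.out.println(firstHeaderByte(accessToken)); // 201, the 'É' in the stack trace
        System.out.println(classify(idTokenShaped));      // JWS_COMPACT

        // Routing consequence: only JWS_COMPACT input belongs in GoogleIdTokenVerifier.verify();
        // an OPAQUE access token is checked via the tokeninfo endpoint and its "audience" field.
    }
}
```

A token that passes this structural check has still not been authenticated; the signature, issuer, audience and expiry checks remain the verifier's job.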
