How to get an access token in JWT format in Flutter's google_sign_in?
The idToken
provided by the Google Sign In libraries is already an Open Id Connect Token as you can see in this documentation, that means it already comes in a secure JWT format, so yeah, it definately ok to use it.
The Google Sign In libraries also offer a OAuth2 access token which can be called with GoogleSignInAuthentication.accessToken
, by using that you might be able to generate a token in JWT format.
So it's really up to you, personally I would use the provided idToken
, as it ready for you to use already.
Marcin
Updated on December 29, 2022Comments
-
Marcin over 1 year
I am authenticating calls to a private API running on GCP behind GCP Cloud Endpoints as described here.
It is working ok, but for each call I am using
GoogleSignInAuthentication.idToken
that contains user's profile information and generally too much information for access.GoogleSignInAuthentication.authToken
andGoogleSignInAccount.authHeaders
are not in JWT format and are being rejected by Endpoints.Is there a way to get access token in JWT format in
google_sing_in
? Or maybe it is ok to use the id token for each call?-
John Hanley about 3 yearsGoogle OAuth Access Tokens are not JWTs. They are opaque tokens. Use the OAuth Identity Tokens. How much information (claims) is contained in an Identity Token is affected by the request scopes (opened, email, profile). developers.google.com/identity/protocols/oauth2/…
-