/google-token-erlang

Google ID token verifier for Erlang

Primary LanguageErlangMIT LicenseMIT

Google ID Token Verifier - Erlang

Build Status Hex.pm

An Erlang application that verifies the integrity of Google ID tokens in accordance with Google's criterias.

Google ID tokens are JWT web tokens passed by clients applications who authenicated to Google Identity Platform

OTP Version

Required: OTP 18 and later

Setup

This application can be downloaded as a dependency from Hex

{deps, [
  {google_token, "1.0.5"}
]}. 

Start google_token in your application's .app.src file

{applications, [
  kernel,
  stdlib,
  crypto,
  ssl,
  inets,
  google_token  
]}.

NOTE: The applications crypto, ssl, and inets must be started first

Usage

Once started, google_token can be used by calling either validate/1 or validate/2

IdToken = <<"eyJhbGciOiJSUzI1NiIsImtpZCI6IjcxMjY3OWMzMzVmMWQyZGIxM2FkZTQ0N2NlYjY2NThkM2QwZWExZWIifQ....">>,
{valid, Claims} = google_token:validate(IdToken).

It's necessary to check the aud claim against your own client ID. You can do this manually by yourself, or you can pass a list of IDs as the second parameter of validate/2

IdToken = <<"eyJhbGciOiJSUzI1NiIsImtpZCI6IjcxMjY3OWMzMzVmMWQyZGIxM2FkZTQ0N2NlYjY2NThkM2QwZWExZWIifQ....">>,
Ids = [<<"...apps.googleusercontent.com">>],
{valid, Claims} = google_token:validate(IdToken, Ids).

Implementation based on: https://developers.google.com/identity/sign-in/web/backend-auth