If you use Google Sign-In with an app or site that communicates with a backend server, you might need to identify the currently signed-in user on the server. To do so securely, after a user successfully signs in, send the user's ID token to your server using HTTPS. Then, on the server, verify the integrity of the ID token and retrieve the user's ID from the , on your backend server.


Calling this endpoint involves an additional network request that does most of the validation for you, but introduces some latency and the potential for network errors.

To validate an ID token using the

    {
      // These six fields are included in all Google ID Tokens.
      "iss": "https://accounts.google.com",
      "sub": "110169484474386276334",
      "azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381googleusercontent.com",
      "aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381googleusercontent.com",
      "iat": "1433978353",
      "exp": "1433981953",

      // These seven fields are only included when the user has granted the "profile" and
      // "email" OAuth scopes to the application.
      "email": "[email protected]",
      "email_verified": "true",
      "name": "Test User",
      "picture": "https://lh4.googleusercontent.com/-kYgzyAWpZzJ/ABCDEFGHI/AAAJKLMNOP/tIXL9Ir44LE/s99-c/photo.jpg",
      "given_name": "Test",
      "family_name": "User",
      "locale": "en"
    }

claim, which indicates the hosted domain of the user. This can be used to restrict access to a resource to only members of certain domains. The absence of this claim indicates that the user does not belong to a Google Apps for Work hosted domain.

    GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
        .setAudience(Arrays.asList(CLIENT_ID))
        // If you retrieved the token on Android using the Play Services 8.3 API or newer, set
        // the issuer to "https://accounts.google.com". Otherwise, set the issuer to
        // "accounts.google.com". If you need to verify tokens from multiple sources, build
        // a GoogleIdTokenVerifier for each issuer and try them both.
        .setIssuer("https://accounts.google.com")
        .build();

    // (Receive idTokenString by HTTPS POST)
    GoogleIdToken idToken = verifier.verify(idTokenString);
    if (idToken != null) {
      // The token is valid; the subject is the user's ID.
      String userId = idToken.getPayload().getSubject();
    } else {
      System.out.println("Invalid ID token.");
    }

    from oauth2client import client, crypt

    # (Receive token by HTTPS POST)

    try:
        idinfo = client.verify_id_token(token, CLIENT_ID)

        # If multiple clients access the backend server:
        if idinfo['aud'] not in [ANDROID_CLIENT_ID, IOS_CLIENT_ID, WEB_CLIENT_ID]:
            raise crypt.AppIdentityError("Unrecognized client.")
        if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
            raise crypt.AppIdentityError("Wrong issuer.")
        # HOSTED_DOMAIN is a placeholder for the hosted domain you require.
        # .get() avoids a KeyError when the token carries no hd claim.
        if idinfo.get('hd') != HOSTED_DOMAIN:
            raise crypt.AppIdentityError("Wrong hosted domain.")
    except crypt.AppIdentityError:
        # Invalid token: reject the request.
        idinfo = None
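The claim checks discussed on this page, written out as an added example (not code from the original page or from Google's libraries). It assumes the token's signature has already been verified by the library or the endpoint, and it handles the string-typed `exp` and `email_verified` values seen in the sample response; `validate_claims`, `InvalidToken`, `as_bool` and the `example.com` address are hypothetical names and constructed values.

```python
# Added example: checks on claims whose signature was already verified.
ALLOWED_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}


class InvalidToken(Exception):
    """Raised when a claim check fails."""


def as_bool(value):
    # The sample response carries booleans as strings, and "false" is truthy.
    return value is True or (isinstance(value, str) and value.lower() == "true")


def validate_claims(claims, allowed_audiences, now, required_domain=None,
                    require_verified_email=False):
    """Return the user's ID (sub) or raise InvalidToken."""
    if claims.get("iss") not in ALLOWED_ISSUERS:
        raise InvalidToken("Wrong issuer.")
    aud = claims.get("aud")
    if not isinstance(aud, str) or aud not in allowed_audiences:
        raise InvalidToken("Unrecognized client.")
    try:
        exp = int(claims["exp"])  # may arrive as a string or a number
    except (KeyError, TypeError, ValueError):
        raise InvalidToken("Missing or malformed exp.") from None
    if exp <= now:
        raise InvalidToken("Token expired.")
    # A token without hd does not belong to any hosted domain.
    if required_domain is not None and claims.get("hd") != required_domain:
        raise InvalidToken("Wrong hosted domain.")
    if require_verified_email and not as_bool(claims.get("email_verified")):
        raise InvalidToken("Email not verified.")
    sub = claims.get("sub")
    if not sub:
        raise InvalidToken("Missing sub.")
    return sub


# Constructed sample reusing field values from the response on this page.
CLIENT_ID = "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381googleusercontent.com"
SAMPLE = {
    "iss": "https://accounts.google.com", "sub": "110169484474386276334",
    "azp": CLIENT_ID, "aud": CLIENT_ID,
    "iat": "1433978353", "exp": "1433981953",
    "email": "user@example.com", "email_verified": "true",  # constructed address
}

if __name__ == "__main__":
    print(validate_claims(SAMPLE, {CLIENT_ID}, now=1433978400))
```

Pass the current Unix time as `now` (for example `int(time.time())`); the fixed value here keeps the sample token inside its validity window.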