谷歌的OpenIDConnect返回一个Base64令牌无法解析 [英] Google's OpenIDConnect return a Base64 token that cannot be parsed

问题描述

锻炼明白OpenIDConnect，我想认证。

As exercise to understand OpenIDConnect, I am trying to authenticate in my web app with Google following this guide.

问题是我不能读，谷歌发送到我的应用程序令牌>

The problem is I cannot read the token that Google sends to my application>

var bytes = Convert.FromBase64String(codeEx.Id_token);
var token = Encoding.ASCII.GetString(bytes);

它未能在第一行说：输入是不是有效的Base-64字符串，因为它包含非基本64字符，两个以上的填充字符或填充字符之间的非法字符

It fails in the first line saying: "The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters."

在文档中指出：一个ID令牌是加密签名的JSON对象连接$ C $光盘基地64

The doc states: "An ID token is a cryptographically signed JSON object encoded in base 64. "

由于显而易见的原因，我不能在这里把令牌。我曾尝试：

For obvious reasons I cannot put the token here. I have tried:

• The输入不是一个有效的Base-64字符串，因为它包含非基本64个字符的


• 添加'='直到长度是4的倍数。


• 所有在一起。

我得到code交换响应，并与NewtonSoft.Json库反序列化：

I get the code exchange response, and deserialize it with the NewtonSoft.Json library:

  var http = new HttpClient(handler);
  HttpResponseMessage result = await http.PostAsync("https://www.googleapis.com/oauth2/v3/token", postData);
  var json = JObject.Parse(await result.Content.ReadAsStringAsync());

  if (json.Property("error") != null)
      throw new Exception(json.Property("error").Value.ToString() + ":" + json.Property("error_description").Value.ToString());

  var codeEx = json.ToObject<CodeExchangeResponse>();

我不知道是否存在与编码的任何潜在问题。我可以看到几个'，`和'_'in令牌。

I don´t know if there is any potential issue with the encoding. I can see several ´-´and ´_´in the token.

关于如何阅读令牌任何想法？

Any idea about how to read the token?

推荐答案

使用 base64url 解码（而不是简单的的base64 ）令牌的紧凑重新presentation的反序列化在后：

Use base64url decoding (instead of plain base64) after deserialization of the compact representation of the token as in:

var http = new HttpClient(handler);
var result = await http.PostAsync("https://www.googleapis.com/oauth2/v3/token", postData);
var json = JObject.Parse(await result.Content.ReadAsStringAsync());
var payload = json.id_token.split('.')[1];
payload = payload.Replace('-', '+').Replace('_', '/');
var base64 = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
var token = Convert.FromBase64String(base64);

这篇关于谷歌的OpenIDConnect返回一个Base64令牌无法解析的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！