[Question] send id_token from google js api credential to callback

[arpu]

Hi,

tested some options with the newer google api from https://developers.google.com/identity/gsi/web/reference/js-reference?hl=en

the response is jwtToken
credential

How i understand the omniauth-google-oauth2 i need to POST the id_token= the JWToken ?

and set the server option provider_ignores_state: true ( found in the README )

but i get

self.access_token = access_token.refresh! if access_token.expired?
 ^^^^^^^^^: NoMethodError, undefined method `expired?' for nil:NilClass

any idea?

[zquestz]

There is a JS example at:

https://github.com/zquestz/omniauth-google-oauth2/blob/master/examples/config.ru

I believe you will want to pass access_token.

[arpu]

Hi @zquestz

Thanks, this example just works with the code response from the google

but not with the newer credential
using POST params like

const req = {"access_token": response.credential}

error is :

(google_oauth2) Authentication failure! invalid_credentials: OAuth2::Error, Invalid Value
 {
"error_description": "Invalid Value"
 }

setting the header for axios
axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest'; does not change the error

[arpu]

if i am right the new credentials should be confirmend with

  payload = Google::Auth::IDTokens.verify_oidc(params[:credential], aud: ENV['GOOGLE_CLIENT_ID'])

described in this blog post https://patrickkarsh.medium.com/how-to-add-google-one-touch-authentication-to-a-ruby-on-rails-application-6ac8776c4190