When using Google's OpenIDConnect authentication system, it's possible to specify email or profile or both in the scope parameter. If you request the email scope, the "email" and "email_verified" c...

I am trying to register my app for Oauth consent screen, so that I can create a OAuth client ID. I keep getting this validation error at end of the form, even though I have submitted everything cor...

Say I have the following response from Google's OAuth2 /token endpoint after exchanging the code obtained from the /auth endpoint (using this example OAuth Playground request): { "access_token": ...

I am working on an e-commerce website. Our website provides the option to signup using google account (using OAuth). Our website is responsive and can be accessed using mobile devices, however it i...

I am new to OAuth, and want to get the user ID (an email address) from Google using OAuth. But I don't want to get the user's Google Contacts Information.

I am working with OpenID Connect in my application, i got the JWT token correctly from Google and I need to validate it using Signature. To achieve this i need the public key, Google provide an URL...

RFC 8628 doesn't state that the client_secret parameter is needed for Device Access Token Request: https://datatracker.ietf.org/doc/html/rfc8628#section-3.4 When I do such a request using Google AP...

I am trying to integrate Google Sign in to my application, but I get errors that I cannot understand. I have configured everything according to the tutorial here, but it would not authenticate me....

I know Microsoft provides a Google-specific OIDC package (Microsoft.AspNetCore.Authentication.Google) which takes an option in .AddGoogle() to specify AccessType that can be set to offline. But can...

We have some users who cannot connect to our platform via Google. When this happens, it's always for a specific device, but with the information we have so far, it's not all the same device kind (t...

The background I'm using the Google Apps Script to create a Gmail Add-on. Via this plugin, I would like to connect to my backend server (a non-Google service) using a REST service request. The requ...

According to OIDC specs when an authentication request contains the max_age field the ID Token returned MUST include an auth_time Claim Value Starting January 28, we don't see the auth_time fi...

I've created a new MVC5 Web Application, and when I try to login with Google or Facebook, the ExternalLoginCallback Action in the AccountController is called, but GetExternalLoginInfoAsync() always...

My web site used to have a link to let users login with their Google accounts in Open ID 2.0. Since 20.4.2015, this is no longer working, so I am trying to migrate to Google Sign-In. This page: ht...

Problem: Missing OAuth 2 Refresh Token. The problem is that the localhost version receives a Refresh Token as part of the granted token but the same code running in GCE does not. Details: I have wr...

So we're building a RESTful service on google cloud running on GCE instances. This service is going to be consumed internally, i.e. web servers. I'm thinking about securing this service using Oauth...

I can't get a user's id_token (https://developers.google.com/accounts/docs/CrossClientAuth) from the Chrome identity api (https://developer.chrome.com/apps/identity). I can get an access_token us...

I am using asp.net mvc 4 template, which ships with OpenID2 as default. Since google has depricated OpenID 2.0, I want to use OAuth 2.0. I checked all MSN blogs where there is no solution for out ...

Is it possible to restrict login to my web application only the accounts that are in a google group ? I don't want everyone can just login with their private gmail but only the users who are in m...

I am attempting to use Google Sign-In for Websites (https://developers.google.com/identity/sign-in/web/) and noticed that my solution is not working in Internet Explorer 11. To try to eliminate as ...

What is the correct oauth2 flow for a desktop application? Besides a desktop application I have a SPA Web GUI which does use the Implicit flow. There it does not matters if the client Redirects aft...

I'm using Google's OpenIDConnect authentication, and I want to validate the JWT id_token returned from Google. However, the documentation seems inconsistent about what value Google returns for the ...

To make it short: How exactly does an "Self-Issued OpenID Provider" differentiate from a “normal OpenID Provider” (lets say google) ? I read the specification which just says : "OpenID Connect...

Using the quick start sample provided by Google I've been able to get Sign In for Web Apps to work in Chrome and Firefox. However it fails on Internet Explorer (version 11.) It will log the user in...

Are https://www.google.com/accounts/o8/id and https://me.yahoo.com are Google's and Yahoo's OpenID Endpoint or the URL's to which I must send the discovery request, which in response will have the ...