Pascal (Lazarus/Delphi)
Pascal (Lazarus/Delphi)
Validate a Google ID Token
See more OAuth2 Examples
Demonstrates how to verify the signature of a Google id token.Chilkat Pascal (Lazarus/Delphi) Downloads
program ChilkatDemo;
// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.
{$IFDEF FPC}
{$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}
uses
{$IFDEF UNIX}
cthreads,
{$ENDIF}
SysUtils,
CkDllLoader,
Chilkat.Http,
Chilkat.StringBuilder,
Chilkat.Rsa,
Chilkat.PublicKey,
Chilkat.JsonObject;
// ---------------------------------------------------------------------------
procedure RunDemo;
var
success: Boolean;
http: THttp;
jwkStr: string;
json: TJsonObject;
jsonToken: TJsonObject;
sbIdToken: TStringBuilder;
sig_b64Url: string;
headerPlusPayload: string;
rsa: TRsa;
jsonKey: TJsonObject;
pubKey: TPublicKey;
numKeys: Integer;
i: Integer;
bVerified: Boolean;
begin
success := False;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
http := THttp.Create;
// First get the public key we'll be needing..
jwkStr := http.QuickGetStr('https://www.googleapis.com/oauth2/v3/certs');
if (http.LastMethodSuccess = False) then
begin
WriteLn(http.LastErrorText);
Exit;
end;
// We have the following:
// {
// "keys": [
// {
// "kid": "e8732db06287515556213b80acbcfd08cfb302a9",
// "n": "4RIrO30287Wsq3gqXCMkUYMVAeI3H8...w2mbMNEBQ",
// "kty": "RSA",
// "e": "AQAB",
// "alg": "RS256",
// "use": "sig"
// },
// {
// "kid": "8462a71da4f6d611fc0fecf0fc4ba9c37d65e6cd",
// "e": "AQAB",
// "n": "xT_ngLZNmT5GBtJZeTB...Ft4gK0eoFi0d3l8bcw",
// "alg": "RS256",
// "use": "sig",
// "kty": "RSA"
// }
// ]
// }
json := TJsonObject.Create;
success := json.Load(jwkStr);
// -------------------------------------------------
// Load the following..
// {
// "access_token": "ya29.a0...0f",
// "expires_in": 3599,
// "scope": "openid https://www.googleapis.com/auth/userinfo.email",
// "token_type": "Bearer",
// "id_token": "eyJhb...o5nQ"
// }
jsonToken := TJsonObject.Create;
success := jsonToken.LoadFile('qa_data/tokens/google_sample_id_token.json');
if (success = False) then
begin
WriteLn('Failed to load the JSON file...');
Exit;
end;
// Get the id_token;
sbIdToken := TStringBuilder.Create;
success := sbIdToken.Append(jsonToken.StringOf('id_token'));
// Get the signature in base64url format.
// The header + payload remains in sbIdToken.
sig_b64Url := sbIdToken.GetAfterFinal('.',True);
headerPlusPayload := sbIdToken.GetAsString();
WriteLn(sig_b64Url);
WriteLn(headerPlusPayload);
// ---------------------------------------------
// Try validating with each cert's public key.
// Hopefully one will be the key that verifies.
rsa := TRsa.Create;
rsa.EncodingMode := 'base64url';
jsonKey := TJsonObject.Create;
pubKey := TPublicKey.Create;
numKeys := json.SizeOfArray('keys');
i := 0;
while i < numKeys do
begin
json.I := i;
json.ObjectOf2('keys[i]',jsonKey);
success := pubKey.LoadFromString(jsonKey.Emit());
if (success = False) then
begin
WriteLn(pubKey.LastErrorText);
Exit;
end;
WriteLn(i);
WriteLn(pubKey.GetPem(True));
success := rsa.UsePublicKey(pubKey);
bVerified := rsa.VerifyStringENC(headerPlusPayload,'sha256',sig_b64Url);
WriteLn('bVerified = ' + bVerified);
i := i + 1;
end;
// The output is:
// 0
// -----BEGIN RSA PUBLIC KEY-----
// MIIBCgKCAQEA4RIrO30287Wsq3gqXCMkUYMVAeI3H8LVE6IXR1krdFeGnZLiGUPw
// cbkeVpXf3lmJdsStOg+jijces2DZCfPyIBiQuLYfxxmAZE6ErJ0QJFg1stwli2Pz
// 9ncYhFoqi8pXr7kEzEJBTzX4thuw56ydbGsshSEznPXoerCJOc7UI2+n0wFCWQ4Y
// LHbh/PrWt4vdadyUUUW/QpQHXQLdD8q/Qwqdj0O9zlJE7R6Elw2E9EqnHyIGu1hm
// LxhqrTru1M18SUhONYbVskV/BCEdVKs//X96849HorWQDCAgVMWfGsdMVq55FAdJ
// 680N5UmQDRynIZ4+PeNGN4S9iw2mbMNEBQIDAQAB
// -----END RSA PUBLIC KEY-----
//
// bVerified = True
// 1
// -----BEGIN RSA PUBLIC KEY-----
// MIIBCgKCAQEAxT/ngLZNmT5GBdkLtJZjNeTB+8B5yWgrq/e5eMZ1hrZhcmLK+dSn
// IkpOPV8/OekV67EnQ7I4II2rcNJnHGrGKZziXO3XN2gtUHE+mBJC99oULSbX/QwB
// Kz7gC/IBPq9EuxTt6Oq6fPkVQ9DbRIgWJSEGBF/KRaNl3kyAlIZfpY7XgHyJTTv8
// E7yAcYKPR+36gzdl+ps0sDLKzUuAtZNq8llK0u80z6AtAUIYwWdkEhM9upy6keKI
// TasIxcsO7M6kZPINUSbh6t5VAm8FuqRmxpgg+9c9/GQSGd89InVypoVzWLQ+wOGg
// 5G4H6JqIgtj0TRFt4gK0eoFi2U0d3l8bcwIDAQAB
// -----END RSA PUBLIC KEY-----
//
// bVerified = False
http.Free;
json.Free;
jsonToken.Free;
sbIdToken.Free;
rsa.Free;
jsonKey.Free;
pubKey.Free;
end;
// ---------------------------------------------------------------------------
begin
try
RunDemo;
except
on E: Exception do
WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
end;
WriteLn;
{$IFDEF MSWINDOWS}
WriteLn('Press Enter to exit...');
ReadLn;
{$ENDIF}
end.