Sample code for 30+ languages & platforms
SQL Server

Validate a Google ID Token

See more OAuth2 Examples

Demonstrates how to verify the signature of a Google id token.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @http int
    EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- First get the public key we'll be needing..
    DECLARE @jwkStr nvarchar(4000)
    EXEC sp_OAMethod @http, 'QuickGetStr', @jwkStr OUT, 'https://www.googleapis.com/oauth2/v3/certs'
    EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 = 0
      BEGIN
        EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        RETURN
      END

    -- We have the following:

    --     {
    --       "keys": [
    -- 	{
    -- 	  "kid": "e8732db06287515556213b80acbcfd08cfb302a9",
    -- 	  "n": "4RIrO30287Wsq3gqXCMkUYMVAeI3H8...w2mbMNEBQ",
    -- 	  "kty": "RSA",
    -- 	  "e": "AQAB",
    -- 	  "alg": "RS256",
    -- 	  "use": "sig"
    -- 	},
    -- 	{
    -- 	  "kid": "8462a71da4f6d611fc0fecf0fc4ba9c37d65e6cd",
    -- 	  "e": "AQAB",
    -- 	  "n": "xT_ngLZNmT5GBtJZeTB...Ft4gK0eoFi0d3l8bcw",
    -- 	  "alg": "RS256",
    -- 	  "use": "sig",
    -- 	  "kty": "RSA"
    -- 	}
    --       ]
    --     }

    DECLARE @json int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT

    EXEC sp_OAMethod @json, 'Load', @success OUT, @jwkStr

    -- -------------------------------------------------

    -- Load the following..

    --  {
    --   "access_token": "ya29.a0...0f",
    --   "expires_in": 3599,
    --   "scope": "openid https://www.googleapis.com/auth/userinfo.email",
    --   "token_type": "Bearer",
    --   "id_token": "eyJhb...o5nQ"
    -- }

    DECLARE @jsonToken int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonToken OUT

    EXEC sp_OAMethod @jsonToken, 'LoadFile', @success OUT, 'qa_data/tokens/google_sample_id_token.json'
    IF @success = 0
      BEGIN

        PRINT 'Failed to load the JSON file...'
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @json
        EXEC @hr = sp_OADestroy @jsonToken
        RETURN
      END

    -- Get the id_token;
    DECLARE @sbIdToken int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbIdToken OUT

    EXEC sp_OAMethod @jsonToken, 'StringOf', @sTmp0 OUT, 'id_token'
    EXEC sp_OAMethod @sbIdToken, 'Append', @success OUT, @sTmp0

    -- Get the signature in base64url format.
    -- The header + payload remains in sbIdToken.
    DECLARE @sig_b64Url nvarchar(4000)
    EXEC sp_OAMethod @sbIdToken, 'GetAfterFinal', @sig_b64Url OUT, '.', 1
    DECLARE @headerPlusPayload nvarchar(4000)
    EXEC sp_OAMethod @sbIdToken, 'GetAsString', @headerPlusPayload OUT


    PRINT @sig_b64Url

    PRINT @headerPlusPayload

    -- ---------------------------------------------

    -- Try validating with each cert's public key.
    -- Hopefully one will be the key that verifies.

    DECLARE @rsa int
    EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa OUT

    EXEC sp_OASetProperty @rsa, 'EncodingMode', 'base64url'

    DECLARE @jsonKey int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonKey OUT

    DECLARE @pubKey int
    EXEC @hr = sp_OACreate 'Chilkat.PublicKey', @pubKey OUT

    DECLARE @numKeys int
    EXEC sp_OAMethod @json, 'SizeOfArray', @numKeys OUT, 'keys'
    DECLARE @i int
    SELECT @i = 0
    WHILE @i < @numKeys
      BEGIN
        EXEC sp_OASetProperty @json, 'I', @i

        EXEC sp_OAMethod @json, 'ObjectOf2', @success OUT, 'keys[i]', @jsonKey

        EXEC sp_OAMethod @jsonKey, 'Emit', @sTmp0 OUT
        EXEC sp_OAMethod @pubKey, 'LoadFromString', @success OUT, @sTmp0
        IF @success = 0
          BEGIN
            EXEC sp_OAGetProperty @pubKey, 'LastErrorText', @sTmp0 OUT
            PRINT @sTmp0
            EXEC @hr = sp_OADestroy @http
            EXEC @hr = sp_OADestroy @json
            EXEC @hr = sp_OADestroy @jsonToken
            EXEC @hr = sp_OADestroy @sbIdToken
            EXEC @hr = sp_OADestroy @rsa
            EXEC @hr = sp_OADestroy @jsonKey
            EXEC @hr = sp_OADestroy @pubKey
            RETURN
          END


        PRINT @i
        EXEC sp_OAMethod @pubKey, 'GetPem', @sTmp0 OUT, 1
        PRINT @sTmp0

        EXEC sp_OAMethod @rsa, 'UsePublicKey', @success OUT, @pubKey

        DECLARE @bVerified int
        EXEC sp_OAMethod @rsa, 'VerifyStringENC', @bVerified OUT, @headerPlusPayload, 'sha256', @sig_b64Url

        PRINT 'bVerified = ' + @bVerified

        SELECT @i = @i + 1
      END

    -- The output is:

    -- 0
    -- -----BEGIN RSA PUBLIC KEY-----
    -- MIIBCgKCAQEA4RIrO30287Wsq3gqXCMkUYMVAeI3H8LVE6IXR1krdFeGnZLiGUPw
    -- cbkeVpXf3lmJdsStOg+jijces2DZCfPyIBiQuLYfxxmAZE6ErJ0QJFg1stwli2Pz
    -- 9ncYhFoqi8pXr7kEzEJBTzX4thuw56ydbGsshSEznPXoerCJOc7UI2+n0wFCWQ4Y
    -- LHbh/PrWt4vdadyUUUW/QpQHXQLdD8q/Qwqdj0O9zlJE7R6Elw2E9EqnHyIGu1hm
    -- LxhqrTru1M18SUhONYbVskV/BCEdVKs//X96849HorWQDCAgVMWfGsdMVq55FAdJ
    -- 680N5UmQDRynIZ4+PeNGN4S9iw2mbMNEBQIDAQAB
    -- -----END RSA PUBLIC KEY-----
    -- 
    -- bVerified = True
    -- 1
    -- -----BEGIN RSA PUBLIC KEY-----
    -- MIIBCgKCAQEAxT/ngLZNmT5GBdkLtJZjNeTB+8B5yWgrq/e5eMZ1hrZhcmLK+dSn
    -- IkpOPV8/OekV67EnQ7I4II2rcNJnHGrGKZziXO3XN2gtUHE+mBJC99oULSbX/QwB
    -- Kz7gC/IBPq9EuxTt6Oq6fPkVQ9DbRIgWJSEGBF/KRaNl3kyAlIZfpY7XgHyJTTv8
    -- E7yAcYKPR+36gzdl+ps0sDLKzUuAtZNq8llK0u80z6AtAUIYwWdkEhM9upy6keKI
    -- TasIxcsO7M6kZPINUSbh6t5VAm8FuqRmxpgg+9c9/GQSGd89InVypoVzWLQ+wOGg
    -- 5G4H6JqIgtj0TRFt4gK0eoFi2U0d3l8bcwIDAQAB
    -- -----END RSA PUBLIC KEY-----
    -- 
    -- bVerified = False

    EXEC @hr = sp_OADestroy @http
    EXEC @hr = sp_OADestroy @json
    EXEC @hr = sp_OADestroy @jsonToken
    EXEC @hr = sp_OADestroy @sbIdToken
    EXEC @hr = sp_OADestroy @rsa
    EXEC @hr = sp_OADestroy @jsonKey
    EXEC @hr = sp_OADestroy @pubKey


END
GO