StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
20242618
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2013-11-27T12:32:19.380
FavoriteCount
0
LastActivityDate
2013-11-28T19:38:25.333
LastEditDate
2013-11-28T19:38:25.333
LastEditorUserId
407431
OwnerUserId
407431
ParentId
20159782
PostTypeId
2
Score
50
ViewCount
0
LastEditorDisplayName
text
Body
From the specification point of view, what you are encountering is [OpenID Connect]. id_token is a [JWS] signed [JWT]. In this case, it is a "." separated string with three components. The first portion is the header. The second is the payload. The third is the signature. Each of them are Base64url encoded string. When you decode the header, you will get something like: {"alg":"RS256","kid":"43ebb53b0397e7aaf3087d6844e37d55c5fb1b67"} The "alg" indicates that the signature algorithm is RS256, which is defined in [JWA]. The "kid" indicates the key id of the public key that corresponds to the key used to sign. Now I am ready to answer some of your questions: <blockquote> 2: How will I know when I need to pull in a fresh version of it? </blockquote> When the kid of the cached cert file (a [JWK] file) does not match the kid in the header, fetch a new cert file. (BTW, the URL from which you pull the certs are called x5u.) <blockquote> 3: It seems like passing in true for noVerify (3rd arg in jwt.decode) is a terrible idea. How can I get that to work without passing that in? </blockquote> Indeed. Perhaps you might want to look at another library such as kjur.github.io/jsjws/ . References <ul> <li>[OpenID Connect] openid.bitbucket.org/openid-connect-core-1_0.html</li> <li>[JWS] tools.ietf.org/html/draft-ietf-jose-json-web-signature</li> <li>[JWT] tools.ietf.org/html/draft-ietf-oauth-json-web-token‎</li> <li>[JWK] tools.ietf.org/html/draft-ietf-oauth-json-web-keys</li> <li>[JWA] tools.ietf.org/html/draft-ietf-jose-json-web-algorithms</li> </ul>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHow can I decode a google OAuth 2.0 JWT (OpenID Connect) in a node app?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USNat Sakimura
UserOwnerUserId
1. USNat Sakimura
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POHow can I decode a google OAuth 2.0 JWT (OpenID Connect) in a node app?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COAwesome! Thanks so much for the thorough and detailed explanation. This has helped tremendously in my understanding of what I was even trying to do. And now I know what I should be searching for if I have any more questions. I really appreciate it.
 singulars
 PostPostId
 PO
 UserUserId
 USThePuzzleMaster

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.