I've just added a new npm module that decodes and validates Google's id_token. You can find the code here: https://github.com/gmelika/google-id-token
Usage is fairly straightforward:
var googleIdToken = require('google-id-token');
// The parser is configured with getKeys, the user-supplied lookup it calls to
// fetch the Google certificate for a token.
var parser = new googleIdToken({ getKeys: getGoogleCerts });

// decode() reports back through a Node-style callback: (error, decodedToken).
parser.decode(sampleGoogleIDToken, function onDecoded(decodeErr, claims) {
  if (!decodeErr) {
    // Demo output only: this prints the entire decoded token.
    // NOTE(review): the token presumably carries user identifiers - avoid
    // logging it verbatim outside of a demo.
    // NOTE(review): confirm which claims the library validates (audience,
    // issuer, expiry) before the application trusts the result - not visible here.
    console.log("parsed id_token is:\n" + JSON.stringify(claims));
    return;
  }
  console.log("error while parsing the google token: " + decodeErr);
});
The getGoogleCerts function referenced above is a user-supplied function that returns the appropriate Google certificate for the supplied key ID (the `kid` argument). A very basic example of this is:
var request = require('request');
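/**
 * Fetches Google's published certificates and hands back the one that matches
 * the given key id.
 *
 * @param {string} kid - Key id of the certificate to look up.
 * @param {function(*, *)} callback - Node-style callback. On success it is
 *   called with (null, certificate); on any failure with (error, {}).
 */
function getGoogleCerts(kid, callback) {
  request({uri: 'https://www.googleapis.com/oauth2/v1/certs'}, function(err, response, body) {
    // A transport error OR a non-200 reply is a failure. When err is set the
    // response may be undefined, so it must not be dereferenced unguarded.
    if (err || !response || response.statusCode !== 200) {
      var fetchErr = err || "error while retrieving the google certs";
      console.log(fetchErr);
      callback(fetchErr, {});
      return;
    }

    // Parse outside of the callback invocation so that an exception thrown by
    // the callback itself is never mistaken for a parse failure.
    var keys;
    try {
      keys = JSON.parse(body);
    } catch (parseErr) {
      console.log(parseErr);
      callback(parseErr, {});
      return;
    }

    // NOTE(review): kid presumably comes from the token itself, i.e. before its
    // signature has been checked, so treat it as untrusted. Only own properties
    // count; names such as "constructor" or "__proto__" must not resolve to
    // inherited values, and an unknown kid fails closed instead of yielding
    // undefined with a null error.
    var isKeyMap = keys !== null && typeof keys === 'object';
    if (!isKeyMap || !Object.prototype.hasOwnProperty.call(keys, kid)) {
      var lookupErr = "no google cert found for the supplied key id";
      console.log(lookupErr);
      callback(lookupErr, {});
      return;
    }

    callback(null, keys[kid]);
  });
}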
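Obviously you would want to add caching in there. Feel free to use your favorite caching mechanism to do that. Because Google rotates these certificates, cached entries should expire (for example by honoring the response's Cache-Control max-age), and the certificates should be refetched when a key ID is not found in the cache.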
Hope that helps.