Re: Google Identity Platform as OAuth2 server

msilva · 11-30-2021 12:55 PM

I want to user Google Identity Platform as the CIAM solution for our GKE-based cloud service. We have a requirement to allow 3rd parties to access our cloud APIs using credentials they obtain via OAuth.

For example, our cloud service provides APIs that Google Assistant or Amazon Alexa can access on behalf of our users. Therefore, we want to provide an OAuth-based token manager that uses the identities of our customers as defined in the Google Identity Platform.

Is this type of OAuth service possible using Google Identity Platform, or the underlying Firebase service that drives it?

Steven

Hi msilva,

From what I can tell in the documentation and from your question, it definitely looks possible to use OAuth authentication in conjunction with Google Identity Platform. The documentation here lists a number of authentication methods such as setting up a federated identity provider or a custom identity provider that should give you what you're looking for.

Hope this helps!

msilva

Thanks Steven, but this documentation talks about using OAuth from a federated identity provider (i.e. the token is issued by the 3rd party provider).

The case I want is using Google Identity as the Oauth server - i.e. where it serves a login screen, collects username/password and returns an authorization code which is later exchanged for a token (i.e. the standard OAuth authorization code flow).

I ended up building the OAuth authorization code flow myself and I use google identity to exchange username/password for tokens via API.

rikotsev

Hi,

Can you elaborate a bit more on what exactly have you build? Do your users have to have a google account or are they just using their own username/password? How do you convert the Identity Platform id_token for an access token to a Google API?