Google OpenID Connect

[fredericcambon]

The backend for Google OpenID Connect (https://github.com/omab/python-social-auth/blob/master/social/backends/google.py#L207) do not match the documentation (https://developers.google.com/accounts/docs/OpenIDConnect)
Indeed, Google OpenID Connect do not support yet 'nonce' param, and extra steps are required to validate an id token (https://developers.google.com/accounts/docs/OpenIDConnect#validatinganidtoken)

=> Google OpenID Connect do not match exactly the specification for OpenID Connect (http://openid.net/specs/openid-connect-core-1_0.html) and its implementation in python-social-auth does not work such as it is now (at least for me)

Has anyone else tried to use it ?

The errors :

• Error 400 if I don't remove the 'nonce' param
• id_token (jwt) cannot be decoded because the key required to do so is at https://www.googleapis.com/oauth2/v2/certs

With the deprecation of Google OpenID approaching (https://developers.google.com/accounts/docs/OpenID) I suppose some people will have to migrate to OpenID Connect or Google+.

[ebpetway]

I'm running into the same issue, as I was hoping to use OpenID Connect instead of having to rely on the user having a Google+ account.

Edit: Just read that the user actually doesn't even need a Google+ account if you just use the "profile" scope.
Source: https://developers.google.com/+/api/auth-migration

[eshellman]

I couldn't get Google Open ID Connect to work, I just couldn't shake the AuthCanceled exception on auth-complete. using the Google OAuth2 backend seems to be the right way to replace Google OpenID

[domino14]

So this doesn't work? We gotta use Google OAuth2 backend?

[omab]

The related PRs to properly fix Google OpenId Connect were merged or ported to social-core.