AssertionType

  • The app supports specific assertion types at the token endpoint, including ID_TOKEN and ACCOUNT_CREATION, while UNKNOWN_ASSERTION_TYPE is rejected.

  • The ID_TOKEN assertion type utilizes an OpenID Connect ID token, which is a JWT token following a specific grant type and verification process, potentially including a non-standard intent=get key for linking existing accounts.

  • The ACCOUNT_CREATION assertion type is similar to ID_TOKEN but includes a non-standard intent=create key, indicating an attempt to create a new account associated with a Google ID.

Assertion types that the app can support at the token endpoint.

Enums
UNKNOWN_ASSERTION_TYPE Unknown assertion type for backwards compatability. Rejected.
ID_TOKEN

OpenIDConnect ID token. This is JWT token with grantType set to urn:ietf:params:oauth:grant-type:jwt-bearer. This is the same token as produced by Google Sign-In libraries, and its verification is documented at https://developers.google.com/identity/sign-in/web/backend-auth. For more information on JWT tokens, see https://tools.ietf.org/html/rfc7523#section-2.1

This token will include the non-standard key-value pair intent=get when the user attempts to link to an existing account.

The response should be as per https://tools.ietf.org/html/rfc6749#section-4.1.4 in the event of success, and as per https://tools.ietf.org/html/rfc6749#section-4.2.2.1 in the event of error.
ACCOUNT_CREATION This is the same as ID_TOKEN, except that a non-standard key "intent" will be set to "create" indicating that the user is atempting to create a new account that should be associated with the Google ID in the sub field of the JWT, as with other usage of Google Sign-In. The responses are as with ID_TOKEN.