authorGravatar Vitaly Takmazov2022-04-19 20:43:21 +0300
committerGravatar Vitaly Takmazov2022-05-12 11:08:36 +0300
commit9af778fc2d1ffac142628da4f9e2fd027dbfec7c (patch)
tree3b9b284f69de457c2c04a85f73a6161151b17263
parentbd266a36308e66b2b47cfcab06cd4a596507f113 (diff)
Google sign in: validate client id
-rw-r--r--src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java8
-rw-r--r--src/main/java/com/juick/www/api/ApiSocialLogin.java2
2 files changed, 5 insertions, 5 deletions
diff --git a/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java b/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java
index 35a9d832..a7d48a34 100644
--- a/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java
+++ b/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java
@@ -3,6 +3,7 @@ package com.github.scribejava.apis;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
+import java.util.Collections;
import java.util.Map;
import java.util.Optional;
@@ -20,11 +21,10 @@ import com.nimbusds.jwt.proc.DefaultJWTProcessor;
public class GoogleTokenVerifier {
- public static Optional<String> validateToken(String idToken) {
+ public static Optional<String> validateToken(String clientId, String idToken) {
// Create a JWT processor for the access tokens
- ConfigurableJWTProcessor<SecurityContext> jwtProcessor =
- new DefaultJWTProcessor<>();
+ ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
// The public RSA keys to validate the signatures will be sourced from the
// OAuth 2.0 server's JWK set, published at a well-known URL. The RemoteJWKSet
@@ -49,7 +49,7 @@ public class GoogleTokenVerifier {
jwtProcessor.setJWSKeySelector(keySelector);
// Set the required JWT claims for access tokens issued by the server
- jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>());
+ jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>(Collections.singleton(clientId), null, null, null));
// Process the token
Map<String, Object> claimsSet;
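Review bot: A null clientId silently weakens the audience check on the new DefaultJWTClaimsVerifier line, because (as I read the nimbus-jose-jwt contract) a null entry in the accepted-audience set permits tokens that carry no aud claim at all, so a missing Google client id in configuration would not fail closed. Reject it before building the verifier, e.g. `Objects.requireNonNull(clientId, "clientId");` as the first statement of validateToken (or build the set with `Set.of(clientId)`, which throws on null). The second constructor argument stays null, so the issuer is not pinned; passing `new JWTClaimsSet.Builder().issuer("https://accounts.google.com").build()` as the exact-match claims would add that, but Google's documentation also lists the bare `accounts.google.com` form, so confirm which values the deployment must accept before pinning one. The body of validateToken continues outside the hunk, so whether the returned email is checked against an `email_verified` claim cannot be seen here.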
diff --git a/src/main/java/com/juick/www/api/ApiSocialLogin.java b/src/main/java/com/juick/www/api/ApiSocialLogin.java
index 5e17d2b7..02f16676 100644
--- a/src/main/java/com/juick/www/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/www/api/ApiSocialLogin.java
@@ -230,7 +230,7 @@ public class ApiSocialLogin {
throws GeneralSecurityException, IOException {
logger.info("Token: {}", idTokenString);
logger.info("Client: {}", googleClientId);
- Optional<String> verifiedEmail = GoogleTokenVerifier.validateToken(idTokenString);
+ Optional<String> verifiedEmail = GoogleTokenVerifier.validateToken(googleClientId, idTokenString);
if (verifiedEmail.isPresent()) {
String email = verifiedEmail.get();
com.juick.model.User visitor = userService.getUserByEmail(email);
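Review bot: The raw ID token is written to the log at INFO on the line directly above the new validateToken call, `logger.info("Token: {}", idTokenString);`; an ID token is a signed bearer credential that carries the user's email and other profile claims, so log files now hold a replayable credential and personal data, whereas the client id logged on the next line is a public value. With the token now validated against the client id, the full token is not needed to diagnose an audience mismatch; drop that line, or at most log a truncated prefix at DEBUG. The enclosing method begins outside the hunk (only its throws clause is visible), so other log statements in it cannot be checked here.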