aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2022-04-19 20:43:21 +0300
committerGravatar Vitaly Takmazov2022-05-12 11:08:36 +0300
commit9af778fc2d1ffac142628da4f9e2fd027dbfec7c (patch)
tree3b9b284f69de457c2c04a85f73a6161151b17263 /src
parentbd266a36308e66b2b47cfcab06cd4a596507f113 (diff)
Google sign in: validate client id
Diffstat (limited to 'src')
-rw-r--r--src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java8
-rw-r--r--src/main/java/com/juick/www/api/ApiSocialLogin.java2
2 files changed, 5 insertions, 5 deletions
diff --git a/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java b/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java
index 35a9d832..a7d48a34 100644
--- a/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java
+++ b/src/main/java/com/github/scribejava/apis/GoogleTokenVerifier.java
@@ -3,6 +3,7 @@ package com.github.scribejava.apis;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
+import java.util.Collections;
import java.util.Map;
import java.util.Optional;
@@ -20,11 +21,10 @@ import com.nimbusds.jwt.proc.DefaultJWTProcessor;
public class GoogleTokenVerifier {
- public static Optional<String> validateToken(String idToken) {
+ public static Optional<String> validateToken(String clientId, String idToken) {
// Create a JWT processor for the access tokens
- ConfigurableJWTProcessor<SecurityContext> jwtProcessor =
- new DefaultJWTProcessor<>();
+ ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
// The public RSA keys to validate the signatures will be sourced from the
// OAuth 2.0 server's JWK set, published at a well-known URL. The RemoteJWKSet
@@ -49,7 +49,7 @@ public class GoogleTokenVerifier {
jwtProcessor.setJWSKeySelector(keySelector);
// Set the required JWT claims for access tokens issued by the server
- jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>());
+ jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>(Collections.singleton(clientId), null, null, null));
// Process the token
Map<String, Object> claimsSet;
diff --git a/src/main/java/com/juick/www/api/ApiSocialLogin.java b/src/main/java/com/juick/www/api/ApiSocialLogin.java
index 5e17d2b7..02f16676 100644
--- a/src/main/java/com/juick/www/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/www/api/ApiSocialLogin.java
@@ -230,7 +230,7 @@ public class ApiSocialLogin {
throws GeneralSecurityException, IOException {
logger.info("Token: {}", idTokenString);
logger.info("Client: {}", googleClientId);
- Optional<String> verifiedEmail = GoogleTokenVerifier.validateToken(idTokenString);
+ Optional<String> verifiedEmail = GoogleTokenVerifier.validateToken(googleClientId, idTokenString);
if (verifiedEmail.isPresent()) {
String email = verifiedEmail.get();
com.juick.model.User visitor = userService.getUserByEmail(email);