From 9af778fc2d1ffac142628da4f9e2fd027dbfec7c Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Tue, 19 Apr 2022 20:43:21 +0300
Subject: Google sign in: validate client id

---
 src/main/java/com/juick/www/api/ApiSocialLogin.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/main/java/com/juick/www')

diff --git a/src/main/java/com/juick/www/api/ApiSocialLogin.java b/src/main/java/com/juick/www/api/ApiSocialLogin.java
index 5e17d2b7..02f16676 100644
--- a/src/main/java/com/juick/www/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/www/api/ApiSocialLogin.java
@@ -230,7 +230,7 @@ public class ApiSocialLogin {
             throws GeneralSecurityException, IOException {
         logger.info("Token: {}", idTokenString);
         logger.info("Client: {}", googleClientId);
-        Optional<String> verifiedEmail = GoogleTokenVerifier.validateToken(idTokenString);
+        Optional<String> verifiedEmail = GoogleTokenVerifier.validateToken(googleClientId, idTokenString);
         if (verifiedEmail.isPresent()) {
             String email = verifiedEmail.get();
             com.juick.model.User visitor = userService.getUserByEmail(email);
-- 
cgit v1.2.3