From deb873a5f4ea6429fa5974c0dfe62b9e0544d9fb Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 12 Apr 2021 19:09:44 +0300
Subject: Verify Google JWT tokens without Google libraries
---
 .../java/com/juick/www/api/ApiSocialLogin.java | 22 +++++-----------------
 1 file changed, 5 insertions(+), 17 deletions(-)
(limited to 'src/main/java/com/juick/www')
diff --git a/src/main/java/com/juick/www/api/ApiSocialLogin.java b/src/main/java/com/juick/www/api/ApiSocialLogin.java
index 43de04bb..e6116173 100644
--- a/src/main/java/com/juick/www/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/www/api/ApiSocialLogin.java
@@ -20,18 +20,13 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.scribejava.apis.AppleClientSecretGenerator;
 import com.github.scribejava.apis.AppleSignInApi;
 import com.github.scribejava.apis.FacebookApi;
+import com.github.scribejava.apis.GoogleTokenVerifier;
 import com.github.scribejava.apis.VkontakteApi;
 import com.github.scribejava.core.builder.ServiceBuilder;
 import com.github.scribejava.core.model.OAuth2AccessToken;
 import com.github.scribejava.core.model.OAuthRequest;
 import com.github.scribejava.core.model.Verb;
 import com.github.scribejava.core.oauth.OAuth20Service;
-import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
-import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.http.javanet.NetHttpTransport;
-import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.jackson2.JacksonFactory;
 import com.juick.model.AuthResponse;
 import com.juick.model.ext.facebook.User;
 import com.juick.model.ext.vk.UsersResponse;
@@ -58,8 +53,8 @@ import javax.annotation.PostConstruct;
 import javax.inject.Inject;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
-import java.util.Collections;
 import java.util.Map;
+import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.ExecutionException;
 
@@ -109,18 +104,11 @@ public class ApiSocialLogin {
 @Inject
 private Users users;
 
- private final HttpTransport transport = new NetHttpTransport();
- private final JsonFactory jsonFactory = new JacksonFactory();
- private GoogleIdTokenVerifier verifier;
-
 @PostConstruct
 public void init() {
 ServiceBuilder facebookBuilder = new ServiceBuilder(FACEBOOK_APPID);
 ServiceBuilder twitterBuilder = new ServiceBuilder(twitterConsumerKey);
 ServiceBuilder vkBuilder = new ServiceBuilder(VK_APPID);
- verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
- .setAudience(Collections.singletonList(googleClientId))
- .build();
 facebookAuthService = facebookBuilder
 .apiSecret(FACEBOOK_SECRET)
 .callback(FACEBOOK_REDIRECT)
@@ -246,9 +234,9 @@ public class ApiSocialLogin {
 throws GeneralSecurityException, IOException {
 logger.info("Token: {}", idTokenString);
 logger.info("Client: {}", googleClientId);
- GoogleIdToken idToken = verifier.verify(idTokenString);
- if (idToken != null) {
- String email = idToken.getPayload().getEmail();
+ Optional verifiedEmail = GoogleTokenVerifier.validateToken(idTokenString);
+ if (verifiedEmail.isPresent()) {
+ String email = verifiedEmail.get();
 com.juick.model.User visitor = userService.getUserByEmail(email);
 if (visitor.isAnonymous()) {
 String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
-- cgit v1.2.3
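Review bot: `GoogleTokenVerifier.validateToken(idTokenString)` in the last hunk receives no expected audience, whereas the verifier removed in the `init()` hunk was built with `.setAudience(Collections.singletonList(googleClientId))`; unless validateToken compares the `aud` claim with this application's client id internally, which the diff does not show (in this hunk `googleClientId` now appears only in the log line), an ID token issued to any other Google OAuth client would be accepted for login here, so pass the id through, e.g. `Optional<String> verifiedEmail = GoogleTokenVerifier.validateToken(idTokenString, googleClientId);`. The Google verifier also checked `iss`, `exp` and the signature against Google's current public keys, and the returned email is used directly to look up and link a local account, so it is worth confirming that validateToken enforces those checks and the `email_verified` claim before returning an email. `Optional verifiedEmail` reads as a raw type on this page, which may be the page stripping `<String>`; if it really is raw, `get()` yields `Object` and the assignment to `String email` will not compile. The two unchanged `logger.info` lines write the raw ID token, a bearer credential that also carries the user's email, at INFO level; that predates this commit, but this is the natural moment to drop the token from the log. The enclosing method begins before the hunk and continues after it.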