fix: use verifyPayload instead of verify to disable duplicate signatu…

…re check (#2080)
googleapis · Jun 2, 2022 · 003ca44 · 003ca44
1 parent 8684064
commit 003ca44
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/...ent/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleIdTokenVerifier.java b/...ent/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleIdTokenVerifier.java
@@ -161,10 +161,11 @@ public final long getExpirationTimeMilliseconds() {
    * @return {@code true} if verified successfully or {@code false} if failed
    */
   public boolean verify(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
-    // check the payload
-    if (!super.verify(googleIdToken)) {
+    // check the payload only
+    if (!super.verifyPayload(googleIdToken)) {
       return false;
     }
+
     // verify signature, try all public keys in turn.
     for (PublicKey publicKey : publicKeys.getPublicKeys()) {
       if (googleIdToken.verifySignature(publicKey)) {