Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: use verifyPayload instead of verify to disable duplicate signatu… #2080

Merged
merged 2 commits into from Jun 2, 2022
Merged

fix: use verifyPayload instead of verify to disable duplicate signatu… #2080

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f37751c
fix: use verifyPayload instead of verify to disable duplicate signatu…
TimurSadykov May 31, 2022
46d7b90
Merge remote-tracking branch 'upstream/main' into stim-signer-fix
TimurSadykov Jun 2, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
5 changes: 3 additions & 2 deletions ...ent/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleIdTokenVerifier.java
View file
Open in desktop
Expand Up @@ -161,10 +161,11 @@ public final long getExpirationTimeMilliseconds() {
* @return {@code true} if verified successfully or {@code false} if failed
*/
public boolean verify(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
// check the payload
if (!super.verify(googleIdToken)) {
// check the payload only
if (!super.verifyPayload(googleIdToken)) {
return false;
}

// verify signature, try all public keys in turn.
for (PublicKey publicKey : publicKeys.getPublicKeys()) {
if (googleIdToken.verifySignature(publicKey)) {
Expand Down