Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth: Duplicate signature verification check in GoogleIdTokenVerifier #2077

Closed
alexmitic opened this issue May 24, 2022 · 1 comment · Fixed by #2080
Closed

Auth: Duplicate signature verification check in GoogleIdTokenVerifier #2077

alexmitic opened this issue May 24, 2022 · 1 comment · Fixed by #2080
Assignees
@TimurSadykov
Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release.

Comments

@alexmitic
Copy link

Environment details

  1. OS type and version: N/A
  2. Java version: N/A
  3. version(s): google-api-java-client v1.34.1 & google-oauth-java-client v1.33.3

Steps to reproduce

The latest release of google-oauth-java-client added a signature verification check to IdTokenVerifier.verify. In google-api-java-client, GoogleIdTokenVerifier makes a call to super.verify which will perform a signature check. After that GoogleIdTokenVerifier then performs its own signature check.

This look like the signature check is effectively being duplicated?
@yoshi-automation yoshi-automation added the triage me I really want to be triaged. label May 25, 2022
@TimurSadykov TimurSadykov self-assigned this May 26, 2022
@TimurSadykov
Copy link
Contributor

This is going to be fixed along with the googleapis/google-oauth-java-client#891

@TimurSadykov TimurSadykov added the priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. label May 26, 2022
@yoshi-automation yoshi-automation removed the triage me I really want to be triaged. label May 26, 2022
@TimurSadykov TimurSadykov mentioned this issue May 31, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TimurSadykov TimurSadykov

Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release.
Projects
None yet
Milestone
No milestone
3 participants
@TimurSadykov @alexmitic @yoshi-automation