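// Profile claims read from an ID token payload obtained elsewhere (not visible in this snippet).
String email = payload.getEmail();
// Where getEmailVerified() returns a boxed Boolean (as in current google-api-client),
// a token without the claim yields null, and Boolean.valueOf(...) would unbox it and
// throw NullPointerException. Anything other than TRUE is treated as "not verified".
boolean emailVerified = Boolean.TRUE.equals(payload.getEmailVerified());
// The remaining claims are optional profile data; payload.get returns Object, so each
// cast assumes the claim is a JSON string.
String name = (String) payload.get("name");
String familyName = (String) payload.get("family_name");
String givenName = (String) payload.get("given_name");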
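/**
 * Validates a Google ID token taken from an authorization header and extracts the caller's
 * identity.
 *
 * <p>The token must pass {@code tokenVerifier.verify}, its audience must equal
 * {@code googleOAuthWebClientId}, and its authorized party must be one of
 * {@code googleAuthClientIds}. Any failed check yields an absent result.
 *
 * @param authToken the serialized ID token; {@code null} is treated as "no credentials"
 * @return the subject and email of the verified token, or absent when verification fails
 */
public Optional<OAuthDetails> checkAuthHeader(String authToken) {
    // A missing header must fail closed instead of surfacing as a NullPointerException.
    if (authToken == null) {
        return Optional.absent();
    }
    try {
        GoogleIdToken token = GoogleIdToken.parse(jsonFactory, authToken);
        if (tokenVerifier.verify(token)) {
            GoogleIdToken.Payload payload = token.getPayload();

            // A token without an audience claim is rejected rather than dereferenced.
            Object audience = payload.getAudience();
            if (audience == null || !audience.equals(googleOAuthWebClientId)) {
                return Optional.absent();
            }
            // The client the token was issued to must be on the allow-list as well.
            if (!googleAuthClientIds.contains(payload.getAuthorizedParty())) {
                return Optional.absent();
            }
            // NOTE(review): the email is passed on without consulting getEmailVerified();
            // confirm that consumers of OAuthDetails key accounts on the subject, not the email.
            return Optional.of(new OAuthDetails(payload.getSubject(), payload.getEmail()));
        }
    } catch (GeneralSecurityException | IOException e) {
        // NOTE(review): only checked exceptions are mapped to "absent"; whether parse() can
        // reject malformed input with an unchecked exception is not visible here - confirm.
        Log.debug("oauth failed", e);
    }
    return Optional.absent();
}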
final String email = googleIdToken.getPayload().getEmail(); if (email == null) { logger.debug("No email in id token");
// Subject claim of the ID token payload, stored here as the user id.
String userId = payload.getSubject();
// Email claim. Nothing in this snippet consults getEmailVerified(), so the value is
// unverified at this point; presumably it can also be null when the claim is absent.
String email = payload.getEmail();
String userId = payload.getSubject(); String email = payload.getEmail(); boolean emailVerified = Boolean.valueOf(payload.getEmailVerified()); String name = (String) payload.get("name"); String pictureUrl = (String) payload.get("picture"); String locale = (String) payload.get("locale"); String familyName = (String) payload.get("family_name"); String givenName = (String) payload.get("given_name"); } catch (GeneralSecurityException | IOException e) {
@Override public void authorizeServiceAccountUsage(WorkflowId workflowId, String serviceAccount, GoogleIdToken idToken) { final String principalEmail = idToken.getPayload().getEmail();
if (mVerifier.verify(token)) { GoogleIdToken.Payload tempPayload = token.getPayload(); if (!tempPayload.getAudience().equals(mAudience)) mProblem = "Audience mismatch"; else if (!mClientIDs.contains(tempPayload.getIssuee())) mProblem = "Client ID mismatch"; else
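/**
 * Creates a middleware that writes one log line per request and then delegates to the
 * wrapped handler unchanged.
 *
 * <p>Every request whose method is not {@code GET} is prefixed with {@code [AUDIT] }. The
 * line records the method, URI, the email claim of the authenticated caller (or
 * {@code anonymous}), the headers after {@code hideSensitiveHeaders}, the parameters and
 * the request body.
 *
 * @param log the logger that receives the line at INFO level
 * @param authenticator used to resolve the caller for the log line
 * @return the logging middleware
 */
public static <T> Middleware<AsyncHandler<Response<T>>, AsyncHandler<Response<T>>> httpLogger(
    Logger log, RequestAuthenticator authenticator) {
  return innerHandler -> requestContext -> {
    final Request request = requestContext.request();

    // NOTE(review): request.uri() and request.parameters() are logged as received, and the
    // body is logged in full; whether the logging backend escapes control characters or the
    // body can carry secrets is not visible here - confirm.
    log.info("{}{} {} by {} with headers {} parameters {} and payload {}",
        "GET".equals(request.method()) ? "" : "[AUDIT] ",
        request.method(),
        request.uri(),
        // TODO: pass in auth context instead of authenticating twice
        auth(requestContext, authenticator).user()
            .map(idToken -> idToken.getPayload().getEmail())
            .orElse("anonymous"),
        hideSensitiveHeaders(request.headers()),
        request.parameters(),
        // The body is caller-controlled: replace CR as well as LF so that it cannot start
        // a forged entry in line-oriented logs (the original replaced only "\n").
        request.payload().map(ByteString::utf8).orElse("")
            .replaceAll("[\r\n]", " "));

    return innerHandler.invoke(requestContext);
  };
}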
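/**
 * Parses and verifies a serialized Google ID token.
 *
 * <p>The payload is returned only when the verifier accepts the token, the audience equals
 * {@code audience} and the authorized party is contained in {@code clientIDs}. On an
 * audience or client mismatch, or on an exception, the reason is stored in {@code problem}.
 *
 * <p>NOTE(review): {@code problem} is not cleared on entry and is not set when
 * {@code verifier.verify} returns {@code false}, so a {@code null} result can be paired
 * with a stale or missing reason. Callers should treat a {@code null} return as the
 * failure signal.
 *
 * @param tokenString the serialized ID token
 * @return the verified payload, or {@code null} when any check fails
 */
public GoogleIdToken.Payload parse(String tokenString) {
    GoogleIdToken.Payload payload = null;
    try {
        GoogleIdToken token = GoogleIdToken.parse(jsonFactory, tokenString);
        if (verifier.verify(token)) {
            GoogleIdToken.Payload tempPayload = token.getPayload();
            // Read the claim once; a token without an audience is a mismatch, not a
            // NullPointerException escaping the verification path.
            Object tokenAudience = tempPayload.getAudience();
            if (tokenAudience == null || !tokenAudience.equals(audience)) {
                problem = "Audience mismatch, " + audience + " != " + tokenAudience;
            } else if (!clientIDs.contains(tempPayload.getAuthorizedParty())) {
                problem = "Client ID mismatch";
            } else {
                payload = tempPayload;
            }
        }
    } catch (GeneralSecurityException e) {
        problem = "Security issue: " + e.getLocalizedMessage();
    } catch (IOException e) {
        problem = "Network problem: " + e.getLocalizedMessage();
    }
    return payload;
}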
// Verify the token through the project's Checker helper (its implementation is not shown here).
Checker checker = new Checker();
GoogleIdToken.Payload payload = checker.check(token);
// NOTE(review): if check() signals a failed verification by returning null (not visible
// here - confirm), the dereference below throws NullPointerException; a null check
// belongs before any claim is read.
String mail = payload.getEmail();
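// Accept the payload only if the verifier passes the token and both the audience and the
// authorized party match the expected values.
if (mVerifier.verify(token)) {
    GoogleIdToken.Payload tempPayload = token.getPayload();
    // A token without an audience claim counts as a mismatch instead of throwing
    // NullPointerException out of the verification path.
    Object tokenAudience = tempPayload.getAudience();
    if (tokenAudience == null || !tokenAudience.equals(mAudience)) {
        mProblem = "Audience mismatch";
    } else if (!mClientIDs.contains(tempPayload.getAuthorizedParty())) {
        mProblem = "Client ID mismatch";
    } else {
        payload = tempPayload;
    }
}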
/**
 * Legacy accessor for the obfuscated Google user id; yields {@code null} when there is none.
 *
 * <p>Delegates to {@link #getSubject()} and returns its result unchanged.
 *
 * @return the value of {@link #getSubject()}, possibly {@code null}
 * @deprecated (scheduled to be removed in 1.18) Use {@link #getSubject()} instead.
 */
@Deprecated
public String getUserId() {
  return this.getSubject();
}
/**
 * Legacy accessor for the client ID of the issuee; yields {@code null} when there is none.
 *
 * <p>Delegates to {@link #getAuthorizedParty()} and returns its result unchanged.
 *
 * @return the value of {@link #getAuthorizedParty()}, possibly {@code null}
 * @deprecated (scheduled to be removed in 1.18) Use {@link #getAuthorizedParty()} instead.
 */
@Deprecated
public String getIssuee() {
  return this.getAuthorizedParty();
}
/**
 * Assembles a {@code Subject} from a Google ID token payload and the token string it came
 * from.
 *
 * <p>The credential carries the issue time, expiry, issuer, the token string and the
 * payload itself. The principal is identified by the payload's subject and named after
 * the email claim, falling back to the subject when there is no email.
 *
 * @param accessToken the token string stored in the public credential
 * @param payload the ID token payload the claims are read from
 * @return a subject holding the principal and one public {@code TokenCredential}
 */
private Subject buildSubject(String accessToken, GoogleIdToken.Payload payload) {
    // Credential: validity window, issuer and the token material.
    TokenCredential.Builder credential = TokenCredential.builder();
    credential.issueTime(toInstant(payload.getIssuedAtTimeSeconds()));
    credential.expTime(toInstant(payload.getExpirationTimeSeconds()));
    credential.issuer(payload.getIssuer());
    credential.token(accessToken);
    credential.addToken(GoogleIdToken.Payload.class, payload);

    String email = payload.getEmail();
    String userId = payload.getSubject();

    // NOTE(review): the email becomes the principal name whether or not the email-verified
    // flag is true; the flag is only recorded as an attribute below. Authorization decisions
    // should rely on the id (subject), or check "emailVerified" first.
    String principalName;
    if (email == null) {
        principalName = userId;
    } else {
        principalName = email;
    }

    Principal principal = Principal.builder()
            .id(userId)
            .name(principalName)
            .addAttribute("fullName", payload.get("name"))
            .addAttribute("emailVerified", payload.getEmailVerified())
            .addAttribute("locale", payload.get("locale"))
            .addAttribute("familyName", payload.get("family_name"))
            .addAttribute("givenName", payload.get("given_name"))
            .addAttribute("pictureUrl", payload.get("picture"))
            .build();

    return Subject.builder()
            .principal(principal)
            .addPublicCredential(TokenCredential.class, credential.build())
            .build();
}