/**
 * Verifies a Google ID token inside a tracing span and, on success, wraps the
 * resulting subject in a {@link CachedRecord}.
 *
 * <p>NOTE(review): which claims are enforced (audience, issuer) depends on how the
 * {@code verifier} field was built, which this method does not show. Confirm that an
 * audience is configured there or checked by {@code buildSubject}.
 *
 * @param accessToken access token passed through to {@code buildSubject}
 * @param token parsed Google ID token to verify
 * @param tracer tracer used to open the {@code googleTokenVerification} span
 * @param tracingSpan parent span context
 * @return the cached record when the verifier accepts the token, otherwise empty
 * @throws SecurityException if verification fails with a
 *     {@link GeneralSecurityException} or an {@link IOException}
 */
private Optional<CachedRecord> verifyGoogle(String accessToken, GoogleIdToken token, Tracer tracer, SpanContext tracingSpan) throws SecurityException {
    final Span verificationSpan = tracer.buildSpan("googleTokenVerification")
            .asChildOf(tracingSpan)
            .start();
    try {
        // Fail closed: a token the verifier does not accept never produces a record.
        if (!verifier.verify(token)) {
            return Optional.empty();
        }
        // The second argument is evaluated lazily; it yields true once verifyLocal()
        // stops accepting the payload (presumably a cache-invalidation check).
        CachedRecord verified = new CachedRecord(
                buildSubject(accessToken, token.getPayload()),
                () -> !verifyLocal(token.getPayload()));
        return Optional.of(verified);
    } catch (GeneralSecurityException | IOException e) {
        // Keep the cause so the failure reason is not lost to the caller.
        throw new SecurityException("Failed to verify Google token", e);
    } finally {
        // The span is closed on every path, including the exceptional one.
        verificationSpan.finish();
    }
}
/**
 * Parses the given ID token string and checks it with {@link #verify(GoogleIdToken)}.
 *
 * <p>A {@code null} result means the token was rejected. Callers must test for it
 * before reading any claim from the returned token.
 *
 * @param idTokenString Google ID token string
 * @return the parsed Google ID token if it verified successfully, or {@code null} if
 *     verification failed
 * @since 1.9
 */
public GoogleIdToken verify(String idTokenString) throws GeneralSecurityException, IOException {
    final GoogleIdToken parsed = GoogleIdToken.parse(getJsonFactory(), idTokenString);
    if (!verify(parsed)) {
        return null;
    }
    return parsed;
}
/**
 * Creates a {@link GoogleIdTokenVerifier} from the settings held by this builder.
 *
 * @return a new verifier constructed from this builder
 */
@Override
public GoogleIdTokenVerifier build() {
    final GoogleIdTokenVerifier built = new GoogleIdTokenVerifier(this);
    return built;
}
/**
 * Factory seam that lets tests substitute the verifier.
 *
 * <p>NOTE(review): no audience is passed to the verifier here, so the {@code aud} claim
 * has to be checked by the code that uses the returned verifier. Confirm at the call
 * sites.
 *
 * @param httpTransport transport handed to the verifier
 * @param jsonFactory JSON factory handed to the verifier
 * @return a new verifier built from the two arguments
 */
@VisibleForTesting
GoogleIdTokenVerifier buildGoogleIdTokenVerifier(HttpTransport httpTransport, JsonFactory jsonFactory) {
    final GoogleIdTokenVerifier created = new GoogleIdTokenVerifier(httpTransport, jsonFactory);
    return created;
}
/**
 * Checks this ID token by delegating to
 * {@link GoogleIdTokenVerifier#verify(GoogleIdToken)}.
 *
 * <p>The result is exactly what the supplied verifier decides, so the checks applied
 * are those the verifier was configured with.
 *
 * @param verifier verifier that performs the check
 * @return the verifier's verdict for this token
 */
public boolean verify(GoogleIdTokenVerifier verifier) throws GeneralSecurityException, IOException {
    final boolean accepted = verifier.verify(this);
    return accepted;
}
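/**
 * Creates a parser that accepts tokens for the given audience and client IDs.
 *
 * <p>The verifier is built without an audience, so the stored {@code audience} and
 * {@code clientIDs} have to be compared against the token's claims by the code that
 * uses {@code verifier}.
 *
 * @param clientIDs client IDs allowed as the token's authorized party
 * @param audience expected audience of the token
 */
public TokenParser(String[] clientIDs, String audience) {
    // Copy the array first: Arrays.asList is a view over its argument, so without the
    // copy a caller that later writes to its array would silently change the allowlist.
    this.clientIDs = Arrays.asList(clientIDs.clone());
    this.audience = audience;
    jsonFactory = new GsonFactory();
    verifier = new GoogleIdTokenVerifier(new NetHttpTransport(), jsonFactory);
}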
/**
 * Verifies an ID token string and maps security failures to {@code null}.
 *
 * <p>Callers must treat {@code null} as a rejected token. The
 * {@link GeneralSecurityException} is dropped without being logged, so a failed
 * signature check leaves no trace here.
 *
 * @param token ID token string to verify
 * @return whatever the verifier returns, or {@code null} if it threw a
 *     {@link GeneralSecurityException}
 * @throws IOException if the verifier fails with an I/O error
 */
private GoogleIdToken verifyIdToken(String token) throws IOException {
    GoogleIdToken verified;
    try {
        verified = googleIdTokenVerifier.verify(token);
    } catch (GeneralSecurityException ignored) {
        // Deliberately reported as "no valid token" rather than as an error.
        verified = null;
    }
    return verified;
}
GoogleIdTokenVerifier myVerifier = new GoogleIdTokenVerifier(httpTransport, jsonFactory) {
// Decode the token string; the validity check is the verify() call at the end.
final GoogleIdToken idToken = GoogleIdToken.parse(JSON_FACTORY, token);
// The signing certificates are loaded from a plain-HTTP localhost URL.
// NOTE(review): this looks like a local test fixture. Whoever serves this URL decides
// which signatures are accepted, so it should stay out of production code. Confirm.
final GooglePublicKeysManager manager = new GooglePublicKeysManager.Builder(HTTP_TRANSPORT, JSON_FACTORY)
    .setPublicCertsEncodedUrl("http://localhost:8080/static/certs.json").build();
// Restrict accepted tokens to those issued for CLIENT_ID.
final GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(manager)
    .setAudience(Arrays.asList(CLIENT_ID)).build();
// NOTE(review): the boolean returned by verify() is discarded here. Unless code outside
// this excerpt checks it, a token that fails verification is not rejected.
verifier.verify(idToken);
// Decode the token string; the validity check is the verify() call at the end.
final GoogleIdToken idToken = GoogleIdToken.parse(JSON_FACTORY, token);
// The signing certificates come from CUSTOM_CERTS_URL.
// NOTE(review): the endpoint behind that URL decides which signatures are accepted, so
// it should be an HTTPS location under the operator's control. Confirm its value.
final GooglePublicKeysManager manager = new GooglePublicKeysManager.Builder(HTTP_TRANSPORT, JSON_FACTORY).setPublicCertsEncodedUrl(CUSTOM_CERTS_URL).build();
// Restrict accepted tokens to those issued for CLIENT_ID.
final GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(manager).setAudience(Arrays.asList(CLIENT_ID)).build();
// NOTE(review): the boolean returned by verify() is discarded here. Unless code outside
// this excerpt checks it, a token that fails verification is not rejected.
verifier.verify(idToken);
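// No audience is set on this builder, so the verifier itself does not tie the token to
// this application. NOTE(review): clientId is presumably compared against an allowlist
// by the code that follows this excerpt. Confirm.
GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(
        Client.getInstance().getHttpTransport(), Client.getInstance().getJsonFactory()).build();
GoogleIdToken token = verifier.verify(stringToken);
// verify(String) returns null for a token that fails verification. Reject it explicitly
// instead of letting getPayload() fail with a NullPointerException.
if (token == null) {
    throw new java.security.GeneralSecurityException("Google ID token failed verification");
}
String clientId = token.getPayload().getAuthorizedParty();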
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;

...

GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
    // Only tokens issued for this application's client ID are accepted.
    .setAudience(Arrays.asList(CLIENT_ID))
    // If you retrieved the token on Android using the Play Services 8.3 API or newer, set
    // the issuer to "https://accounts.google.com". Otherwise, set the issuer to
    // "accounts.google.com". If you need to verify tokens from multiple sources, build
    // a GoogleIdTokenVerifier for each issuer and try them both.
    .setIssuer("https://accounts.google.com")
    .build();

// (Receive idTokenString by HTTPS POST)

// verify() returns null when the token does not pass verification, so the null check
// below is the accept/reject decision. No claim may be read before it.
GoogleIdToken idToken = verifier.verify(idTokenString);
if (idToken != null) {
  System.out.println("Valid ID token.");
} else {
  System.out.println("Invalid ID token.");
}
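/**
 * Validates a Google ID token taken from an authorization header.
 *
 * <p>The token is accepted only if the verifier accepts it, its audience equals
 * {@code googleOAuthWebClientId} and its authorized party is one of
 * {@code googleAuthClientIds}. Every other outcome, including a missing or malformed
 * token, yields an absent result, so the method fails closed.
 *
 * <p>NOTE(review): the e-mail claim is copied into the result without looking at the
 * token's e-mail-verified flag. The subject is the stable identifier; confirm that
 * callers do not authorize on the e-mail alone.
 *
 * @param authToken ID token string supplied by the client; may be {@code null}
 * @return subject and e-mail of the token when it is accepted, otherwise absent
 */
public Optional<OAuthDetails> checkAuthHeader(String authToken) {
    // The header value is untrusted input; a missing header is simply "not authenticated".
    if (authToken == null) {
        return Optional.absent();
    }
    try {
        GoogleIdToken token = GoogleIdToken.parse(jsonFactory, authToken);
        if (!tokenVerifier.verify(token)) {
            return Optional.absent();
        }
        GoogleIdToken.Payload payload = token.getPayload();
        // A token without an audience claim is rejected rather than dereferenced. An
        // audience that is not a single matching string also fails this comparison.
        Object audienceClaim = payload.getAudience();
        if (audienceClaim == null || !audienceClaim.equals(googleOAuthWebClientId)) {
            return Optional.absent();
        }
        if (!googleAuthClientIds.contains(payload.getAuthorizedParty())) {
            return Optional.absent();
        }
        return Optional.of(new OAuthDetails(payload.getSubject(), payload.getEmail()));
    } catch (GeneralSecurityException | IOException | IllegalArgumentException e) {
        // IllegalArgumentException covers strings that are not structurally a token;
        // without it a garbage header would escape as an unchecked exception.
        Log.debug("oauth failed", e);
    }
    return Optional.absent();
}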
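/**
 * Parses and verifies an ID token string and returns its payload when it is acceptable.
 *
 * <p>The payload is returned only if the verifier accepts the token, the audience
 * equals {@code audience} and the authorized party is one of {@code clientIDs}.
 * Otherwise {@code null} is returned and, for the cases handled below, a description
 * is stored in {@code problem}.
 *
 * <p>NOTE(review): when the verifier returns {@code false}, {@code problem} is left
 * untouched, so it may still hold a value from an earlier call. Because it is instance
 * state, concurrent calls can also overwrite each other's message. Confirm how callers
 * read it.
 *
 * @param tokenString ID token string supplied by the client; may be {@code null}
 * @return the verified payload, or {@code null} if the token is rejected
 */
public GoogleIdToken.Payload parse(String tokenString) {
    GoogleIdToken.Payload payload = null;
    // The token string is untrusted input; reject a missing one instead of dereferencing it.
    if (tokenString == null) {
        problem = "Malformed token";
        return null;
    }
    try {
        GoogleIdToken token = GoogleIdToken.parse(jsonFactory, tokenString);
        if (verifier.verify(token)) {
            GoogleIdToken.Payload tempPayload = token.getPayload();
            // A token without an audience claim is a mismatch, not a NullPointerException.
            Object audienceClaim = tempPayload.getAudience();
            if (audienceClaim == null || !audienceClaim.equals(audience)) {
                problem = "Audience mismatch, " + audience + " != " + audienceClaim;
            } else if (!clientIDs.contains(tempPayload.getAuthorizedParty())) {
                problem = "Client ID mismatch";
            } else {
                payload = tempPayload;
            }
        }
    } catch (GeneralSecurityException e) {
        problem = "Security issue: " + e.getLocalizedMessage();
    } catch (IOException e) {
        problem = "Network problem: " + e.getLocalizedMessage();
    } catch (IllegalArgumentException e) {
        // Strings that are not structurally a token are rejected like any other bad token.
        problem = "Malformed token";
    }
    return payload;
}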
try { GoogleIdToken token = GoogleIdToken.parse(mJFactory, tokenString); if (mVerifier.verify(token)) { GoogleIdToken.Payload tempPayload = token.getPayload(); if (!tempPayload.getAudience().equals(mAudience))
// Parse the compact token by hand so the GoogleIdToken can be created as a subclass.
JsonWebSignature jws = JsonWebSignature.parser(mJFactory).setPayloadClass(Payload.class).parse(tokenString);
// Anonymous subclass: its verify() reports a SignatureException as "not valid" (false).
// Any other GeneralSecurityException, and IOException, still propagate.
// The override only applies when callers use token.verify(verifier). A direct
// verifier.verify(token) call bypasses it and can still throw.
GoogleIdToken token = new GoogleIdToken(jws.getHeader(), (Payload) jws.getPayload(), jws.getSignatureBytes(), jws.getSignedContentBytes()) {
    public boolean verify(GoogleIdTokenVerifier verifier) throws GeneralSecurityException, IOException {
        try {
            return verifier.verify(this);
        } catch (java.security.SignatureException e) {
            // Fails closed: a signature error counts as a rejected token.
            return false;
        }
    }
};
// Parse the compact token by hand so the GoogleIdToken can be created as a subclass.
JsonWebSignature jws = JsonWebSignature.parser(mJFactory).setPayloadClass(Payload.class).parse(tokenString);
// Anonymous subclass: its verify() reports a SignatureException as "not valid" (false).
// Any other GeneralSecurityException, and IOException, still propagate.
// The override only applies when callers use token.verify(verifier). A direct
// verifier.verify(token) call bypasses it and can still throw.
GoogleIdToken token = new GoogleIdToken(jws.getHeader(), (Payload) jws.getPayload(), jws.getSignatureBytes(), jws.getSignedContentBytes()) {
    public boolean verify(GoogleIdTokenVerifier verifier) throws GeneralSecurityException, IOException {
        try {
            return verifier.verify(this);
        } catch (java.security.SignatureException e) {
            // Fails closed: a signature error counts as a rejected token.
            return false;
        }
    }
};
.build(); GoogleIdToken idToken = verifier.verify(token); if (idToken != null) { Payload payload = idToken.getPayload();
.build(); GoogleIdToken idToken = verifier.verify(token); if (idToken != null) { GoogleIdToken.Payload payload = idToken.getPayload();