/**
 * Runs the remote (Google-side) verification of an already parsed ID token inside a tracing span.
 *
 * <p>The span "googleTokenVerification" is started as a child of {@code tracingSpan} and is always
 * finished, whether verification succeeds, fails or throws.
 *
 * @param accessToken the raw token string, passed on to {@code buildSubject}
 * @param token the parsed ID token to verify
 * @param tracer tracer used to create the span
 * @param tracingSpan parent span context
 * @return a {@code CachedRecord} holding the subject when the verifier accepts the token, otherwise
 *     an empty Optional
 * @throws SecurityException wrapping the {@code GeneralSecurityException} or {@code IOException}
 *     raised by the verifier
 */
private Optional<CachedRecord> verifyGoogle(String accessToken, GoogleIdToken token, Tracer tracer,
    SpanContext tracingSpan) throws SecurityException {
  final Span verificationSpan =
      tracer.buildSpan("googleTokenVerification").asChildOf(tracingSpan).start();
  try {
    // Fail closed: a token the verifier rejects never produces a cache record.
    if (!verifier.verify(token)) {
      return Optional.empty();
    }
    final GoogleIdToken.Payload claims = token.getPayload();
    // The second argument is evaluated lazily and yields true once verifyLocal() stops accepting
    // the claims. NOTE(review): presumably CachedRecord uses it as an "entry is stale" predicate;
    // confirm against CachedRecord.
    return Optional.of(
        new CachedRecord(buildSubject(accessToken, claims), () -> !verifyLocal(claims)));
  } catch (GeneralSecurityException | IOException e) {
    // Keep the cause: the caller inspects it to tell transport errors from security failures.
    throw new SecurityException("Failed to verify Google token", e);
  } finally {
    verificationSpan.finish();
  }
}
/**
 * Authenticates a raw token string, using the subject cache to avoid repeating the remote
 * verification for a token that has already been accepted.
 *
 * <p>The local check ({@code verifyLocal}) runs on every call, before the cache is consulted; a
 * token that fails it is evicted from the cache and rejected.
 *
 * @param token the raw token string; also used as the cache key
 * @param tracer tracer handed to {@code verifyGoogle}
 * @param tracingSpan parent span context handed to {@code verifyGoogle}
 * @return a success response carrying the cached subject, or a failure response
 */
private AuthenticationResponse cachedResponse(String token, Tracer tracer, SpanContext tracingSpan) {
  try {
    final GoogleIdToken parsedToken = tokenParser.apply(jsonFactory, token);
    final GoogleIdToken.Payload claims = parsedToken.getPayload();

    // validate timeout
    if (!verifyLocal(claims)) {
      // Drop any record cached for this token so it cannot be served again.
      subjectCache.remove(token);
      return fail(null);
    }

    // Remote verification only runs when the cache has to compute a value for this token.
    return subjectCache
        .computeValue(token, () -> verifyGoogle(token, parsedToken, tracer, tracingSpan))
        .map(CachedRecord::getSubject)
        .map(AuthenticationResponse::success)
        .orElseGet(() -> fail(null));
  } catch (SecurityException e) {
    final Throwable cause = e.getCause();
    // An I/O failure while verifying is reported through failInvalidRequest; every other cause
    // goes through fail().
    if (cause instanceof IOException) {
      return failInvalidRequest((IOException) cause);
    }
    return fail(cause);
  } catch (Exception e) {
    // Any other error (for example a token that cannot be parsed) is an authentication failure.
    return fail(e);
  }
}
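// NOTE(review): no audience is configured on this builder, so verify() is not asked to check the
// "aud" claim; a token issued to a different OAuth client would still be accepted here.
// Configure Builder.setAudience(...) with this application's client ID(s), or compare the
// audience explicitly after verification.
GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(
    Client.getInstance().getHttpTransport(),
    Client.getInstance().getJsonFactory()).build();

// verify(String) returns null when the token does not pass verification. Reject it explicitly
// rather than letting getPayload() fail with a NullPointerException.
GoogleIdToken token = verifier.verify(stringToken);
if (token == null) {
  throw new SecurityException("Google ID token failed verification");
}

// The authorized-party ("azp") claim is optional, so clientId may be null.
String clientId = token.getPayload().getAuthorizedParty();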
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeTokenRequest;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson.JacksonFactory;

// NOTE(review): the two declarations below are written in Scala-style `val NAME: Type` syntax
// while the rest of the snippet is Java; they are reproduced as found.
private final val TRANSPORT: HttpTransport = new NetHttpTransport()
private final val JSON_FACTORY: JacksonFactory = new JacksonFactory()

// Exchanges a one-time authorization code for tokens. CLIENT_ID, CLIENT_SECRET and code are
// defined outside this snippet; the client secret belongs in server-side configuration, not in
// source control or in anything shipped to a client.
GoogleTokenResponse tokenResponse = new GoogleAuthorizationCodeTokenRequest(TRANSPORT, JSON_FACTORY, CLIENT_ID, CLIENT_SECRET, code, "postmessage").execute();
// parseIdToken() only parses the ID token found in the token response; no GoogleIdTokenVerifier
// is used in this snippet. The token here comes from the token request's own response, not from
// a value supplied by the client.
GoogleIdToken idToken = tokenResponse.parseIdToken();
// The subject ("sub") claim is the identifier of the Google account.
String gplusId = idToken.getPayload().getSubject();
// Reads the claims of the ID token.
// NOTE(review): the claims are only trustworthy once idToken has passed signature, issuer,
// audience and expiry verification; that step is not visible in this fragment.
GoogleIdToken.Payload payload = idToken.getPayload();
// The email claim is optional in an ID token, hence the null check below.
// NOTE(review): when the address is used to identify or authorize a user, also check
// Payload.getEmailVerified(); no such check is visible in this fragment, and the body of the
// if statement continues beyond it.
final String email = googleIdToken.getPayload().getEmail();
if (email == null) {
  logger.debug("No email in id token");
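/**
 * Validates a Google ID token taken from an auth header and extracts the caller's identity.
 *
 * <p>The token is accepted only when all of the following hold: the verifier accepts it, its
 * audience equals {@code googleOAuthWebClientId}, and its authorized party is one of
 * {@code googleAuthClientIds}. Every other outcome, including a missing or malformed token and a
 * verifier error, yields an absent result (fail closed).
 *
 * @param authToken the serialized ID token; may be null
 * @return the subject and email of the token when it is accepted, otherwise absent
 */
public Optional<OAuthDetails> checkAuthHeader(String authToken) {
  if (authToken == null) {
    return Optional.absent();
  }
  try {
    GoogleIdToken token = GoogleIdToken.parse(jsonFactory, authToken);
    if (!tokenVerifier.verify(token)) {
      return Optional.absent();
    }

    GoogleIdToken.Payload payload = token.getPayload();

    // A token without an "aud" claim is rejected instead of raising a NullPointerException.
    Object audience = payload.getAudience();
    if (audience == null || !audience.equals(googleOAuthWebClientId)) {
      return Optional.absent();
    }

    // "azp" is optional; a missing value is a rejection, and null is never passed to contains(),
    // which null-hostile collections answer with an exception.
    String authorizedParty = payload.getAuthorizedParty();
    if (authorizedParty == null || !googleAuthClientIds.contains(authorizedParty)) {
      return Optional.absent();
    }

    // NOTE(review): the email claim may be null and is not checked against getEmailVerified()
    // here; key accounts on the subject rather than on the email.
    return Optional.of(new OAuthDetails(payload.getSubject(), payload.getEmail()));
  } catch (GeneralSecurityException | IOException | IllegalArgumentException e) {
    // IllegalArgumentException: the parser rejects a string that is not a well-formed token with
    // an unchecked exception; the header is caller-controlled, so treat it as a failed check.
    Log.debug("oauth failed", e);
  }
  return Optional.absent();
}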
// Parses the serialized token, then lets the verifier check it before any claim is read.
// NOTE(review): parse() can reject a string that is not a well-formed token with an unchecked
// exception; whether the enclosing code handles that is not visible in this fragment.
GoogleIdToken token = GoogleIdToken.parse(mJFactory, tokenString);
if (mVerifier.verify(token)) {
  GoogleIdToken.Payload tempPayload = token.getPayload();
  // The audience must match the expected value so that a token issued to another client is not
  // accepted. NOTE(review): getAudience() is dereferenced without a null check.
  if (!tempPayload.getAudience().equals(mAudience))
    mProblem = "Audience mismatch";
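/**
 * Parses and verifies a serialized Google ID token.
 *
 * <p>The payload is returned only when the verifier accepts the token, its audience equals
 * {@code audience} and its authorized party is one of {@code clientIDs}. On every failure the
 * method returns null and stores a description in {@code problem}.
 *
 * <p>The stored description can contain the expected audience and library error text; treat it
 * as diagnostic output for logs rather than as a message for the remote caller.
 *
 * @param tokenString the serialized ID token; may be null
 * @return the verified payload, or null when the token is rejected
 */
public GoogleIdToken.Payload parse(String tokenString) {
  if (tokenString == null) {
    problem = "Missing token";
    return null;
  }

  GoogleIdToken.Payload payload = null;
  try {
    GoogleIdToken token = GoogleIdToken.parse(jsonFactory, tokenString);
    if (verifier.verify(token)) {
      GoogleIdToken.Payload tempPayload = token.getPayload();
      Object tokenAudience = tempPayload.getAudience();
      String authorizedParty = tempPayload.getAuthorizedParty();
      // Missing "aud" or "azp" claims are rejections, not NullPointerExceptions.
      if (tokenAudience == null || !tokenAudience.equals(audience)) {
        problem = "Audience mismatch, " + audience + " != " + tokenAudience;
      } else if (authorizedParty == null || !clientIDs.contains(authorizedParty)) {
        problem = "Client ID mismatch";
      } else {
        payload = tempPayload;
      }
    } else {
      // Record the rejection so a null result is never returned without an explanation.
      problem = "Verification failed";
    }
  } catch (GeneralSecurityException e) {
    problem = "Security issue: " + e.getLocalizedMessage();
  } catch (IOException e) {
    problem = "Network problem: " + e.getLocalizedMessage();
  } catch (IllegalArgumentException e) {
    // The parser rejects a string that is not a well-formed token with an unchecked exception.
    problem = "Malformed token: " + e.getLocalizedMessage();
  }
  return payload;
}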
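/**
 * Builds a middleware that writes one log line per request and then invokes the wrapped handler.
 *
 * <p>The line contains the method, URI, the authenticated user's email (or "anonymous"), the
 * headers after {@code hideSensitiveHeaders}, the request parameters and the request body.
 * Requests other than GET are prefixed with "[AUDIT] ".
 *
 * <p>NOTE(review): only headers are filtered. Parameters and the body are logged verbatim, so
 * credentials or personal data sent there end up in the log; restrict access to this log
 * accordingly or redact those fields as well.
 *
 * @param log logger that receives the request line
 * @param authenticator authenticator used to resolve the calling user
 * @return the logging middleware
 */
public static <T> Middleware<AsyncHandler<Response<T>>, AsyncHandler<Response<T>>> httpLogger(
    Logger log, RequestAuthenticator authenticator) {
  return innerHandler -> requestContext -> {
    final Request request = requestContext.request();

    log.info("{}{} {} by {} with headers {} parameters {} and payload {}",
        "GET".equals(request.method()) ? "" : "[AUDIT] ",
        request.method(),
        request.uri(),
        // TODO: pass in auth context instead of authenticating twice
        auth(requestContext, authenticator).user()
            .map(idToken -> idToken.getPayload().getEmail())
            .orElse("anonymous"),
        hideSensitiveHeaders(request.headers()),
        request.parameters(),
        // Replace carriage returns as well as line feeds: the body is caller-controlled, and
        // either character lets it start what looks like a new (for example "[AUDIT]") entry.
        request.payload().map(ByteString::utf8).orElse("")
            .replaceAll("[\\r\\n]", " "));

    return innerHandler.invoke(requestContext);
  };
}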
// Reads the user ID from the ID token carried in the token response.
// parseIdToken() only parses the token; no verifier is involved on this line.
// NOTE(review): getUserId() is deprecated in later releases of the Google API client in favour
// of getSubject(); confirm against the library version in use.
String userId = ((GoogleTokenResponse) tokenResponse).parseIdToken().getPayload().getUserId();
// Branch of an if statement that opens outside this fragment; presumably the condition is the
// result of verifying idToken (confirm in the enclosing code).
Payload payload = idToken.getPayload();
// Prints the subject ("sub") claim, the identifier of the Google account.
System.out.println("User ID: " + payload.getSubject());
} else {
// Only the first statement of this method is visible; the authorization logic follows outside
// this fragment.
@Override
public void authorizeServiceAccountUsage(WorkflowId workflowId, String serviceAccount, GoogleIdToken idToken) {
  // The caller's email claim is read as the principal.
  // NOTE(review): getEmail() returns null when the token carries no email claim, and the value
  // is only meaningful if idToken was verified before reaching this method; confirm both.
  final String principalEmail = idToken.getPayload().getEmail();
// Reads the claims of the ID token.
// NOTE(review): the claims are only trustworthy once idToken has passed signature, issuer,
// audience and expiry verification; that step is not visible in this fragment.
GoogleIdToken.Payload payload = idToken.getPayload();
// Extracts the account identifier and the email address from the token's claims.
GoogleIdToken.Payload payload = googleIdToken.getPayload();
// The subject ("sub") is the stable identifier of the Google account; use it as the account key.
String userId = payload.getSubject();
// The email claim is optional (may be null) and can change for the same account.
// NOTE(review): check Payload.getEmailVerified() before relying on it for identity decisions.
String email = payload.getEmail();