-
Sean Liao authored
The provider.Verifier.Verify endpoint we were using only works with ID tokens. This isn't an issue with systems which use ID tokens as access tokens (e.g. dex), but for systems with opaque access tokens (e.g. Google / GCP), those access tokens could not be verified. Instead, check the access token against the getUserInfo endpoint. Signed-off-by:
Sean Liao <sean+git@liao.dev> Co-authored-by:
Maksim Nabokikh <max.nabokih@gmail.com>
Sean Liao authoredThe provider.Verifier.Verify endpoint we were using only works with ID tokens. This isn't an issue with systems which use ID tokens as access tokens (e.g. dex), but for systems with opaque access tokens (e.g. Google / GCP), those access tokens could not be verified. Instead, check the access token against the getUserInfo endpoint. Signed-off-by:
Code owners
Assign users and groups as approvers for specific file changes. Learn more.