Skip to content
Snippets Groups Projects
Unverified Commit affd4d4e authored by Sean Liao's avatar Sean Liao Committed by GitHub
Browse files

verify access tokens by checking getuserinfo during a token exchange (#3031)


The provider.Verifier.Verify endpoint we were using only works with ID
tokens. This isn't an issue with systems which use ID tokens as access
tokens (e.g. dex), but for systems with opaque access tokens (e.g.
Google / GCP), those access tokens could not be verified.
Instead, check the access token against the getUserInfo endpoint.

Signed-off-by: default avatarSean Liao <sean+git@liao.dev>
Co-authored-by: default avatarMaksim Nabokikh <max.nabokih@gmail.com>
parent f2358ef2
No related branches found
No related tags found
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment