Skip to content

Commit

Permalink
fix: use verifyPayload instead of verify to disable duplicate signatu…
Browse files Browse the repository at this point in the history
…re check (#2080)
  • Loading branch information
TimurSadykov authored Jun 2, 2022
1 parent 8684064 commit 003ca44
Showing 1 changed file with 3 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -161,10 +161,11 @@ public final long getExpirationTimeMilliseconds() {
* @return {@code true} if verified successfully or {@code false} if failed
*/
public boolean verify(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
// check the payload
if (!super.verify(googleIdToken)) {
// check the payload only
if (!super.verifyPayload(googleIdToken)) {
return false;
}

// verify signature, try all public keys in turn.
for (PublicKey publicKey : publicKeys.getPublicKeys()) {
if (googleIdToken.verifySignature(publicKey)) {
Expand Down

0 comments on commit 003ca44

Please sign in to comment.