Revert "always verify token"

This reverts commit 8ac40c7. # Conflicts: # website/server/libs/auth/social.js
HabitRPG · Mar 2, 2020 · ca1e519 · ca1e519
1 parent 23c7f75
commit ca1e519
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/website/server/libs/auth/social.js b/website/server/libs/auth/social.js
@@ -38,13 +38,13 @@ const auth = new AppleAuth(JSON.stringify({
 async function _appleProfile (req) {
   let idToken = {};
   const code = req.body.code ? req.body.code : req.query.code;
-  let passedToken = req.body.id_token ? req.body.id_token : req.query.id_token;
+  const passedToken = req.body.id_token ? req.body.id_token : req.query.id_token;
   if (code) {
     const response = await auth.accessToken(code);
-    passedToken = response.id_token;
+    idToken = jwt.decode(response.id_token);
+  } else if (passedToken) {
+    idToken = await jwt.verify(passedToken, applePublicKey, { algorithms: ['RS256'] });
   }
-  idToken = await jwt.verify(passedToken, applePublicKey, { algorithms: ['RS256'] });
-
   return {
     id: idToken.sub,
     emails: [{ value: idToken.email }],