Removed Check for Client ID (#19)

* removed check for client ids * Revert "removed check for client ids" This reverts commit 17f67b6. * feat: provide api to parse token * Revert "feat: provide api to parse token" This reverts commit 8d12ae1. * Revert "Revert "removed check for client ids"" This reverts commit e67d8ab. * doc: doc this feature * doc: lint * doc: lib --------- Co-authored-by: caojen <caojen@mail2.sysu.edu.cn>
caojen · Apr 19, 2024 · 7e27317 · 7e27317
1 parent fec5012
commit 7e27317
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -58,6 +58,10 @@ async fn main() {
 }
 ```
 
+**Do verification without any client id**
+
+When no `client_id` is provided for `AsyncClient`, `cliend_id` will not be used when validating `id_token`. In this case, `AsyncClient` will accept all `client_id`. However, Google issuer (`iss`), expiration (`exp`) and JWT hash **CAN NOT** be skipped.
+
 ### 3. Do Verification (`AccessToken`)
 
 Sometimes, Google will return an `access_token` instead of `id_token`. `Google-Oauth` still provides API for validate

diff --git a/src/async_client.rs b/src/async_client.rs
@@ -93,19 +93,8 @@ impl AsyncClient {
     pub async fn validate_id_token<S>(&self, token: S) -> MyResult<GooglePayload>
         where S: AsRef<str>
     {
-        // fast check:
-        // if there is no given client id, simple return without communicating with Google server.
-
-        let client_ids = self.client_ids.read().await;
-
-        if client_ids.is_empty() {
-            return Err(Error::IDTokenClientIDNotFoundError(IDTokenClientIDNotFoundError {
-                get: token.as_ref().to_string(),
-                expected: Default::default(),
-            }))
-        }
-
         let token = token.as_ref();
+        let client_ids = self.client_ids.read().await;
 
         let parser: JwtParser<GooglePayload> = JwtParser::parse(token)?;
 

diff --git a/src/lib.rs b/src/lib.rs
@@ -53,6 +53,12 @@
 //!     println!("Hello, I am {}", &payload.sub);
 //! }
 //! ```
+//! 
+//! **Do verification without any client id**
+//! 
+//! When no `client_id` is provided for `AsyncClient`, `cliend_id` will not be used when validating `id_token`.
+//! In this case, `AsyncClient` will accept all `client_id`.
+//! However, Google issuer (`iss`), expiration (`exp`) and JWT hash **CAN NOT** be skipped.
 //!
 //! ### 3. Do Verification (`AccessToken`)
 //!

diff --git a/src/validate/id_token.rs b/src/validate/id_token.rs
@@ -19,7 +19,7 @@ pub fn validate_info<T, V>(client_ids: T, parser: &JwtParser<GooglePayload>) ->
         T: AsRef<[V]>,
         V: AsRef<str>,
 {
-    if !client_ids.as_ref().iter().any(|c| c.as_ref() == parser.payload.aud.as_str()) {
+    if !client_ids.as_ref().is_empty() && !client_ids.as_ref().iter().any(|c| c.as_ref() == parser.payload.aud.as_str()) {
         // bail!("id_token: audience provided does not match aud claim in the jwt");
         Err(IDTokenClientIDNotFoundError::new(&parser.payload.aud, client_ids))?
     }