JWT validation missing aud validation #1042

Closed
labramusic opened this issue Jun 20, 2017 · 0 comments
Labels: priority: p1 (Important issue which blocks shipping the next release. Will be fixed prior to next release.), Type: Enhancement
labramusic commented Jun 20, 2017

The method ValidateAsync in GoogleJsonWebSignature.cs doesn't seem to check if the aud value in the ID token is equal to the user's app's client ID, as described in the third step here: https://developers.google.com/identity/protocols/OpenIDConnect#validatinganidtoken.
Maybe the method should receive some sort of audience, similar to how the Java API's GoogleIdTokenVerifier does, or is this intended to be done manually after validation using the async method?

chrisdunelm added the priority: p1 (Important issue which blocks shipping the next release. Will be fixed prior to next release.) and Type: Enhancement labels Jul 13, 2017
chrisdunelm added this to the v1.28 milestone Jul 16, 2017
chrisdunelm added a commit to chrisdunelm/google-api-dotnet-client that referenced this issue Jul 17, 2017
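
The audience check this issue asks about, as an added example that is not part of the original issue or of the google-api-dotnet-client code: once a token's signature has been verified, its `aud` claim is compared against the application's own client ID, so a token issued to a different application is rejected. It is written in Python to stay self-contained; the client IDs and function names are hypothetical, and the sample tokens are constructed and unsigned.

```python
import base64
import json

# Hypothetical client IDs, constructed for this example.
MY_CLIENT_ID = "1234-myapp.apps.googleusercontent.com"
OTHER_CLIENT_ID = "9999-otherapp.apps.googleusercontent.com"


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as compact JWTs do."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for the demo only."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.constructed-signature-placeholder"


def read_claims(jwt: str) -> dict:
    """Decode the payload segment.

    Assumption: the signature has already been verified by the JWT library;
    this function performs no cryptographic check.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    segment = parts[1]
    padded = segment + "=" * (-len(segment) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def audience_is_trusted(claims: dict, trusted_client_ids: set) -> bool:
    """Return True only if every audience in the token is one of our client IDs.

    `aud` may be a single string or an array of strings. A missing, empty or
    malformed value fails closed, and so does any additional untrusted audience.
    """
    aud = claims.get("aud")
    if isinstance(aud, str):
        audiences = [aud]
    elif isinstance(aud, list) and aud and all(isinstance(a, str) for a in aud):
        audiences = aud
    else:
        return False
    return all(a in trusted_client_ids for a in audiences)
```

A token that carries a valid signature but was minted for `OTHER_CLIENT_ID` passes signature validation and fails only at `audience_is_trusted`, which is the gap the issue describes.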