Prefer id_token over access_token in JWT decode (#431)

zquestz · Sep 5, 2022 · 24c6d59 · 24c6d59
1 parent 35b6c74
commit 24c6d59
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/lib/omniauth/google_oauth2/version.rb b/lib/omniauth/google_oauth2/version.rb
@@ -2,6 +2,6 @@
 
 module OmniAuth
   module GoogleOauth2
-    VERSION = '1.1.0'
+    VERSION = '1.1.1'
   end
 end
diff --git a/lib/omniauth/strategies/google_oauth2.rb b/lib/omniauth/strategies/google_oauth2.rb
@@ -69,9 +69,10 @@ def authorize_params
 
       extra do
         hash = {}
-        hash[:id_token] = access_token.token
-        if !options[:skip_jwt] && !nil_or_empty(access_token.token)
-          decoded = ::JWT.decode(access_token.token, nil, false).first
+        token = nil_or_empty?(access_token['id_token']) ? access_token.token : access_token['id_token']
+        hash[:id_token] = token
+        if !options[:skip_jwt] && !nil_or_empty?(token)
+          decoded = ::JWT.decode(token, nil, false).first
 
           # We have to manually verify the claims because the third parameter to
           # JWT.decode is false since no verification key is provided.
@@ -108,7 +109,7 @@ def custom_build_access_token
 
       private
 
-      def nil_or_empty(obj)
+      def nil_or_empty?(obj)
         obj.is_a?(String) ? obj.empty? : obj.nil?
       end