From 0ee3f113457e3605b00590c6e078126fd1fc12ac Mon Sep 17 00:00:00 2001
From: Jay Lee
Date: Fri, 14 Feb 2020 12:05:13 -0500
Subject: [PATCH] decode/verify id token on each refresh
---
 src/gam.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/gam.py b/src/gam.py
index 964f6489..46c60d62 100755
--- a/src/gam.py
+++ b/src/gam.py
@@ -13268,7 +13268,8 @@ def writeCredentials(creds):
 expected_iss = ['https://accounts.google.com', 'accounts.google.com']
 if _getValueFromOAuth('iss', creds) not in expected_iss:
 controlflow.system_error_exit(13, f'Wrong OAuth 2.0 credentials issuer. Got {_getValueFromOAuth("iss", creds)} expected one of {", ".join(expected_iss)}')
- creds_data['decoded_id_token'] = GC_Values[GC_DECODED_ID_TOKEN]
+ request = transport.create_request()
+ creds_data['decoded_id_token'] = google.oauth2.id_token.verify_oauth2_token(creds.id_token, request)
 data = json.dumps(creds_data, indent=2, sort_keys=True)
 fileutils.write_file(GC_Values[GC_OAUTH2_TXT], data)
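Review bot: The `verify_oauth2_token(creds.id_token, request)` call added in `writeCredentials` passes no `audience`, and in google-auth an omitted audience means the `aud` claim is not checked, so the signature and expiry are verified but not that the token was issued to this OAuth client. If `creds` exposes the client id (google.oauth2 credentials do, though its type is not visible in this hunk), bind the check to it: `google.oauth2.id_token.verify_oauth2_token(creds.id_token, request, audience=creds.client_id)`. The call also fetches Google's signing certificates over the network and raises `ValueError` on a malformed or expired token, and nothing in the hunk catches that, so a failed verification would surface as a traceback instead of going through `controlflow.system_error_exit` like the issuer check just above it. The body of `writeCredentials` starts outside the hunk, so handling further up cannot be ruled out.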