Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: Avoid clock skew issues when logging in with Google (#11442) 

All the data we need for the `info` and `credentials` auth hash
are obtained via the user info API, not the JWT. Using and verifying
the JWT can fail due to clock skew, so let's skip it completely.

PR opened to fix the upstream issue at https://github.com/zquestz/omniauth-google-oauth2/pull/392
This commit is contained in:
David Taylor 2020-12-09 09:09:31 +00:00 committed by GitHub
parent 942888a10c
commit 17fcdd60c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/auth/google_oauth2_authenticator.rb
View File

@ -29,6 +29,12 @@ class Auth::GoogleOAuth2Authenticator < Auth::ManagedAuthenticator
if (google_oauth2_prompt = SiteSetting.google_oauth2_prompt).present?
strategy.options[:prompt] = google_oauth2_prompt.gsub("|", " ")
end
# All the data we need for the `info` and `credentials` auth hash
# are obtained via the user info API, not the JWT. Using and verifying
# the JWT can fail due to clock skew, so let's skip it completely.
# https://github.com/zquestz/omniauth-google-oauth2/pull/392
strategy.options[:skip_jwt] = true
}
}
omniauth.provider :google_oauth2, options