mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 16:02:46 +08:00
FIX: Avoid clock skew issues when logging in with Google (#11442)
All the data we need for the `info` and `credentials` auth hash are obtained via the user info API, not the JWT. Using and verifying the JWT can fail due to clock skew, so let's skip it completely. PR opened to fix the upstream issue at https://github.com/zquestz/omniauth-google-oauth2/pull/392
This commit is contained in:
parent
942888a10c
commit
17fcdd60c1
|
@ -29,6 +29,12 @@ class Auth::GoogleOAuth2Authenticator < Auth::ManagedAuthenticator
|
|||
if (google_oauth2_prompt = SiteSetting.google_oauth2_prompt).present?
|
||||
strategy.options[:prompt] = google_oauth2_prompt.gsub("|", " ")
|
||||
end
|
||||
|
||||
# All the data we need for the `info` and `credentials` auth hash
|
||||
# are obtained via the user info API, not the JWT. Using and verifying
|
||||
# the JWT can fail due to clock skew, so let's skip it completely.
|
||||
# https://github.com/zquestz/omniauth-google-oauth2/pull/392
|
||||
strategy.options[:skip_jwt] = true
|
||||
}
|
||||
}
|
||||
omniauth.provider :google_oauth2, options
|
||||
|
|
Loading…
Reference in New Issue
Block a user