Login by google works only when not using a client_id #1900
Comments
Any updates?
I can confirm this problem. Removing setClientId($clientId); allows the verifyIdToken() method to work properly.
Why tho? I had this bug in my application, where I was "unintentionally" setting a null or empty client id and every token was considered valid.
I have the same question as well. But is it possible that the security layer is the part where we register an app in the Google Cloud console? Therefore, there is no need to set the client id for sending API requests from your app.
Same happens to me
Hello, thank you for filing this issue. The problem seems to occur on this line, which is the only place in the I am not sure what the use case is where the audience isn't the client ID. According to the RFC, the audience is "the recipients that the JWT is So maybe you could provide some clarity into why the audience doesn't match the client ID? Bypassing this check, as you've found, can be achieved by setting the client ID to null (or not setting it in the first place) when you call
If and when you are looking at this, have the audience be able to accept an array of ClientIds.
I've submitted a feature request to allow for passing in an
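The audience check discussed in the comments above, as an added example that is not part of the thread or the library's own code: it takes the payload array that verifyIdToken() returns (or false), fails closed when the configured client ID is null or empty, and accepts a list of client IDs. The function name checkAudience and every client ID and payload value below are constructed assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not library code): audience check applied to the payload
 * array that verifyIdToken() returns. Fails closed when no client ID is
 * configured, and accepts an allowlist of client IDs.
 */
function checkAudience(array|false $payload, array $allowedClientIds): array
{
    // Drop null / empty entries so a missing config value cannot match anything.
    $allowed = array_values(array_filter(
        $allowedClientIds,
        static fn ($id): bool => is_string($id) && trim($id) !== ''
    ));
    if ($allowed === []) {
        throw new LogicException('No client ID configured; refusing to accept any token.');
    }
    if ($payload === false) {
        throw new RuntimeException('Token failed verification.');
    }
    // RFC 7519: "aud" may be a single string or an array of strings.
    $aud = $payload['aud'] ?? null;
    $audiences = is_array($aud) ? $aud : [$aud];
    foreach ($audiences as $candidate) {
        if (is_string($candidate) && in_array($candidate, $allowed, true)) {
            return $payload;
        }
    }
    throw new RuntimeException('Token audience is not one of the configured client IDs.');
}

// Constructed sample data: placeholder client IDs and payloads, not real values.
$webClientId    = 'web-client-id.example';
$mobileClientId = 'mobile-client-id.example';
$payload        = ['aud' => $mobileClientId, 'sub' => 'constructed-subject'];

$cases = [
    'single client ID, other audience' => [$payload, [$webClientId]],
    'allowlist with both IDs'          => [$payload, [$webClientId, $mobileClientId]],
    'empty client ID configured'       => [$payload, ['', null]],
    'verifyIdToken() returned false'   => [false, [$webClientId]],
];
foreach ($cases as $label => [$p, $ids]) {
    try {
        checkAudience($p, $ids);
        echo "$label: accepted\n";
    } catch (Throwable $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Only the second case is accepted; the empty-configuration case is rejected before the payload is even inspected, which is the opposite of the "every token considered valid" behaviour reported above.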
I'm building a login by Google for a mobile app and I have this weird issue that took me 2 days to debug!!
That's the method
verifyIdToken($id_token)
always returning false and the token is valid (it comes from my mobile app), as I have tested with Google APIs OAuth2. By luck, I removed the client_id and left it as an empty string, and voilà, it works, returning a user response payload.
I can't understand why that is!! I'm using the same client_id on a Node app in production and it's working fine (access token, not ID token), and I'm moving from Node to PHP, so I used the same client_id to test.
The Code: