Do not break Google sign-in in case of invalid auth_code and valid id…

…_token
remp2020 · Oct 5, 2021 · 8ba829f · 8ba829f
1 parent 726c6f1
commit 8ba829f
Showing 1 changed file with 8 additions and 10 deletions.
diff --git a/src/api/GoogleTokenSignInHandler.php b/src/api/GoogleTokenSignInHandler.php
@@ -13,6 +13,9 @@
 use Crm\UsersModule\Repository\UsersRepository;
 use Nette\Database\Table\IRow;
 use Nette\Http\Response;
+use Nette\Utils\Json;
+use Tracy\Debugger;
+use Tracy\ILogger;
 
 /**
  * Implements validation of Google Token ID
@@ -99,17 +102,12 @@ public function handle(ApiAuthorizationInterface $authorization): ?JsonResponse
         if ($gsiAuthCode) {
             $creds = $this->googleSignIn->exchangeAuthCode($gsiAuthCode);
             if (!isset($creds['id_token']) || !isset($creds['access_token'])) {
-                $response = new JsonResponse([
-                    'status' => 'error',
-                    'code' => 'invalid_auth_code',
-                    'message' => 'Unable to exchange auth code for access_token and id_token',
-                ]);
-                $response->setHttpCode(Response::S400_BAD_REQUEST);
-                return $response;
+                // do not break login process if access_token is invalid (and id_token possibly valid)
+                Debugger::log('Unable to exchange auth code for access_token and id_token, creds: ' . Json::encode($creds), ILogger::ERROR);
+            } else {
+                $idToken = $creds['id_token'];
+                $gsiAccessToken = $creds['access_token'];
             }
-
-            $idToken = $creds['id_token'];
-            $gsiAccessToken = $creds['access_token'];
         }
 
         $user = $this->googleSignIn->signInUsingIdToken($idToken, $gsiAccessToken);