fix(auth): Properly handle google token issuer (#6836)

* Updated TOKEN_ISSUER to 'accounts.google.com' Hi, I was getting this issue from today morning parse-server/Adapters/Auth/google.js was expecting the TOKEN_ISSUER to be prefixed with https:// but on debugging the original value was not having the prefix, removing https:// from TOKEN_ISSUER solved this bug. This issue is introduced in 4.3.0 as in 4.2.0 it is working fine currently I have downgraded the version to 4.2.0 for it to work properly and suggesting the changes please merge this PR. * Update google.js * Update AuthenticationAdapters.spec.js * Update google.js * Update google.js
parse-community · Jul 29, 2020 · 42f75d6 · 42f75d6
1 parent 92afcca
commit 42f75d6
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/spec/AuthenticationAdapters.spec.js b/spec/AuthenticationAdapters.spec.js
@@ -701,7 +701,7 @@ describe('google auth adapter', () => {
       fail();
     } catch (e) {
       expect(e.message).toBe(
-        'id token not issued by correct provider - expected: https://accounts.google.com | from: https://not.google.com'
+        'id token not issued by correct provider - expected: accounts.google.com or https://accounts.google.com | from: https://not.google.com'
       );
     }
   });

diff --git a/src/Adapters/Auth/google.js b/src/Adapters/Auth/google.js
@@ -6,7 +6,8 @@ var Parse = require('parse/node').Parse;
 const https = require('https');
 const jwt = require('jsonwebtoken');
 
-const TOKEN_ISSUER = 'https://accounts.google.com';
+const TOKEN_ISSUER = 'accounts.google.com';
+const HTTPS_TOKEN_ISSUER = 'https://accounts.google.com';
 
 let cache = {};
 
@@ -67,8 +68,8 @@ async function verifyIdToken({id_token: token, id}, {clientId}) {
     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
   }
 
-  if (jwtClaims.iss !== TOKEN_ISSUER) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token not issued by correct provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
+  if (jwtClaims.iss !== TOKEN_ISSUER && jwtClaims.iss !== HTTPS_TOKEN_ISSUER) {
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token not issued by correct provider - expected: ${TOKEN_ISSUER} or ${HTTPS_TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
   }
 
   if (jwtClaims.sub !== id) {