Use Google's verifier
Jan 14, 2016, 11:54 AM
IDP66ILEKRRM3NH5XGKKSP77XTZXBY2DWVLQWZHOSZDZUCDO4LGQCDependencies
- [2]
3QWDDLBRAdd support for logging in via a Google account - [3]
XJRJ4J7MAdd user registration - [4]
36ZTCZ4FAdd basic Persona support - [5]
LSZLZHJYAllow users to edit their own settings - [6]
6K5PBUUNUse buildEnv to combine Hydra's Perl dependencies - [7]
X22X45IXAdd Catalyst::DispatchType::Regex for forward compatibility - [8]
67QM2R5CDepend on Term::Size::Any - [9]
LZVO64YGMerge in the first bits of the API work - [*]
T4LLYESZ* Nix expression for building Hydra.
Change contents
- edit in release.nix at line 120
CryptJWT - edit in src/lib/Hydra/Controller/User.pm at line 7
use Crypt::JWT qw(decode_jwt); - edit in src/lib/Hydra/Controller/User.pm at line 123
# From https://www.googleapis.com/oauth2/v3/certs. Should probably not# hard-code this.my $googleKeys = <<'EOF';{"keys": [{"kty": "RSA","alg": "RS256","use": "sig","kid": "10685afd5291883ce668345afd77201390406f82","n": "xeNopuszp35W6H1w2Tw4OrSwT8BZ9f7-2PoOyWZmfMmUDmYT2uxrZezDK0YLap5LVmpLNcpZP5Hj67_32NU3my4qfA-SlxuJMUxHWJF7Dqr-QNAqld0SZ_po4qz5ZTHDxNxoZ4iw_T-4lhIBGm0RIZprDDGPI7Vo8qIeIMjZywoh_nq32zB6tnjEUBvHcgay0qXEnQkKkavzHO_c5sLc1qXM0jDQVqyO1enevW2yA_8gP0Qb7014ycN5umCvEHc66c2_iNT-R4zgw8gd1g05n2xwyET8qb_3wi5LqUV-Cri4mJ2xwGY8uynlD2I4jVtOYJusBgNs6AfwyehzsLdwSQ","e": "AQAB"},{"kty": "RSA","alg": "RS256","use": "sig","kid": "5a68fc8a3ec0c30e0be95aa08db99a68a725467f","n": "zmXvUwXYSo8VouhnkURp-3xywch-jPrk7q0gugqC7QIchBPnvdXdS-bj6sr1AqDl_hEDtiLGfiVr3Ft_U022rtHAl5n5NxyybUtZXWyT5yQZM4jopGBajavEUdCl9b4pqb-q_3fVaxUXe7re23sVjI5Bntd-8RYZ70tq-ZvCWBqsnz6lHi9Ditp3CZGWLMMBZlIv3nKnClOrZXL98Jmt7AAod-Gtk65saqnrMwWtBcI_Q-3u23ytywbMLanCeFFNUWlIOgZqyYYkOm-ylLRJzVaZ1THtcWILWCYUgxXjyF9DtXO3a8nct2JhdacD3LzRiPv3sXr31cg4arwUk19JoQ","e": "AQAB"}]}EOF - replacement in src/lib/Hydra/Controller/User.pm at line 129
my $data = decode_jwt(token => ($c->stash->{params}->{id_token} // die "No token."),kid_keys => $googleKeys,verify_exp => 1,);my $ua = new LWP::UserAgent;my $response = $ua->post('https://www.googleapis.com/oauth2/v3/tokeninfo',{ id_token => ($c->stash->{params}->{id_token} // die "No token."),});error($c, "Did not get a response from Google.") unless $response->is_success; - edit in src/lib/Hydra/Controller/User.pm at line 136
my $data = decode_json($response->decoded_content) or die; - edit in src/lib/Hydra/Controller/User.pm at line 139
die unless $data->{iss} eq "accounts.google.com" || $data->{iss} eq "https://accounts.google.com";
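Review bot: None of the lines shown compare `$data->{aud}` with this application's own OAuth client ID, and once verification is delegated to the tokeninfo endpoint that comparison is what ties the token to this site rather than to any other Google client; the handler starts and ends outside these hunks, so confirm the check is there. The page does not mark which of the lines between 129 and 139 are added and which removed, so this assumes the `$ua->post(...)` call is the new side. The bare `die` on the `decode_json` and `iss` lines gives neither the user nor the log a reason, and `decode_json` normally throws on a malformed body before `or die` is reached; reporting through the existing helper, e.g. `error($c, "Google returned an unexpected token response.");`, would match the `is_success` line. A bounded `LWP::UserAgent->new(timeout => 10)` would also keep a slow upstream from holding the login request for LWP's long default timeout.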