Use Google's verifier

[?]
Jan 14, 2016, 11:54 AM
IDP66ILEKRRM3NH5XGKKSP77XTZXBY2DWVLQWZHOSZDZUCDO4LGQC

Dependencies

  • [2] 3QWDDLBR Add support for logging in via a Google account
  • [3] XJRJ4J7M Add user registration
  • [4] 36ZTCZ4F Add basic Persona support
  • [5] LSZLZHJY Allow users to edit their own settings
  • [6] 6K5PBUUN Use buildEnv to combine Hydra's Perl dependencies
  • [7] X22X45IX Add Catalyst::DispatchType::Regex for forward compatibility
  • [8] 67QM2R5C Depend on Term::Size::Any
  • [9] LZVO64YG Merge in the first bits of the API work
  • [*] T4LLYESZ * Nix expression for building Hydra.

Change contents

  • edit in release.nix at line 120
    [3.556][2.0:21]()
    CryptJWT
  • edit in src/lib/Hydra/Controller/User.pm at line 7
    [3.23630][2.75:106]()
    use Crypt::JWT qw(decode_jwt);
  • edit in src/lib/Hydra/Controller/User.pm at line 123
    [2.1760][2.1760:2868]()
    # From https://www.googleapis.com/oauth2/v3/certs. Should probably not
    # hard-code this.
    my $googleKeys = <<'EOF';
    {
    "keys": [
    {
    "kty": "RSA",
    "alg": "RS256",
    "use": "sig",
    "kid": "10685afd5291883ce668345afd77201390406f82",
    "n": "xeNopuszp35W6H1w2Tw4OrSwT8BZ9f7-2PoOyWZmfMmUDmYT2uxrZezDK0YLap5LVmpLNcpZP5Hj67_32NU3my4qfA-SlxuJMUxHWJF7Dqr-QNAqld0SZ_po4qz5ZTHDxNxoZ4iw_T-4lhIBGm0RIZprDDGPI7Vo8qIeIMjZywoh_nq32zB6tnjEUBvHcgay0qXEnQkKkavzHO_c5sLc1qXM0jDQVqyO1enevW2yA_8gP0Qb7014ycN5umCvEHc66c2_iNT-R4zgw8gd1g05n2xwyET8qb_3wi5LqUV-Cri4mJ2xwGY8uynlD2I4jVtOYJusBgNs6AfwyehzsLdwSQ",
    "e": "AQAB"
    },
    {
    "kty": "RSA",
    "alg": "RS256",
    "use": "sig",
    "kid": "5a68fc8a3ec0c30e0be95aa08db99a68a725467f",
    "n": "zmXvUwXYSo8VouhnkURp-3xywch-jPrk7q0gugqC7QIchBPnvdXdS-bj6sr1AqDl_hEDtiLGfiVr3Ft_U022rtHAl5n5NxyybUtZXWyT5yQZM4jopGBajavEUdCl9b4pqb-q_3fVaxUXe7re23sVjI5Bntd-8RYZ70tq-ZvCWBqsnz6lHi9Ditp3CZGWLMMBZlIv3nKnClOrZXL98Jmt7AAod-Gtk65saqnrMwWtBcI_Q-3u23ytywbMLanCeFFNUWlIOgZqyYYkOm-ylLRJzVaZ1THtcWILWCYUgxXjyF9DtXO3a8nct2JhdacD3LzRiPv3sXr31cg4arwUk19JoQ",
    "e": "AQAB"
    }
    ]
    }
    EOF
  • replacement in src/lib/Hydra/Controller/User.pm at line 129
    [2.3063][2.3063:3226]()
    my $data = decode_jwt(
    token => ($c->stash->{params}->{id_token} // die "No token."),
    kid_keys => $googleKeys,
    verify_exp => 1,
    );
    [2.3063]
    [2.3226]
    my $ua = new LWP::UserAgent;
    my $response = $ua->post(
    'https://www.googleapis.com/oauth2/v3/tokeninfo',
    { id_token => ($c->stash->{params}->{id_token} // die "No token."),
    });
    error($c, "Did not get a response from Google.") unless $response->is_success;
  • edit in src/lib/Hydra/Controller/User.pm at line 136
    [2.3227]
    [2.3227]
    my $data = decode_json($response->decoded_content) or die;
  • edit in src/lib/Hydra/Controller/User.pm at line 139
    [2.3290][2.3290:3393]()
    die unless $data->{iss} eq "accounts.google.com" || $data->{iss} eq "https://accounts.google.com";
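Review bot: No audience check is visible after the new `decode_json($response->decoded_content)` call in src/lib/Hydra/Controller/User.pm, and the one claim check shown here (the `iss` comparison at line 139) looks like it is on the removed side, reading the `[..][..:..]()` blocks as deletions. The tokeninfo endpoint vouches for the token's signature and expiry but not for which application it was issued to, so a token minted for a different Google client would decode just as well. If the surrounding lines do not already do it, add something like `die "Wrong audience." unless ($data->{aud} // "") eq $clientId;`, where `$clientId` is a placeholder for this deployment's configured OAuth client ID, and consider keeping the `iss` comparison as a cheap second check. The enclosing sub starts and ends outside these edits, so this needs confirming against the full file.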