Skip to content

Google Auth issue #6652

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
SebC99 opened this issue Apr 27, 2020 · 2 comments
Closed

Google Auth issue #6652

SebC99 opened this issue Apr 27, 2020 · 2 comments

Comments

@SebC99
Copy link
Contributor

SebC99 commented Apr 27, 2020

Issue Description

When using Google Sign-In to authenticate users on Parse, the adapter is automatically used without any needed configuration, but:

  • it's using a development method to authenticate the user's token as stated in google documentation

An easy way to validate an ID token for debugging is to use the tokeninfo endpoint. Calling this endpoint involves an additional network request that does most of the validation for you, but introduces some latency and the potential for network errors.

  • there's no clientId validation to ensure the token is from our app
  • the sessions that are created are marked as createdWith { "action": "signup", "authProvider": "password"} instead of a google provider

Does someone is using Google Sign-In in production?
@stale
Copy link

stale bot commented Jun 12, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Jun 12, 2020
@SebC99
Copy link
Contributor Author

SebC99 commented Jun 12, 2020

I'm surprised no one cares ;)

@stale stale bot removed the wontfix label Jun 12, 2020
@SebC99 SebC99 mentioned this issue Jun 12, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SebC99 @davimacedo