…457)

To avoid leaking access tokens in logs or traces from the client
application.
flux-ricky authored Aug 9, 2024
1 parent 0af26d4 commit 4288914
Showing 2 changed files with 4 additions and 4 deletions.
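--- a/lib/omniauth/strategies/google_oauth2.rb
+++ b/lib/omniauth/strategies/google_oauth2.rb
@@ -231,7 +231,7 @@ def token_info(access_token)
 return nil unless access_token
 
 @token_info ||= Hash.new do |h, k|
-h[k] = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo', params: { access_token: access_token }).parsed
+h[k] = client.request(:post, 'https://www.googleapis.com/oauth2/v3/tokeninfo', body: { access_token: access_token }).parsed
 end
 
 @token_info[access_token]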
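Review bot: The changed line inside the `Hash.new` default block still sends the method argument `access_token` rather than the block key `k`. Because `@token_info ||=` builds the hash only once, the block closes over the token from the first call, so a later lookup of a different token on the same instance would store the first token's tokeninfo response under the new key. Whether one strategy instance ever sees two tokens is not visible here, but using the key removes the question: `body: { access_token: k }`. The body of `token_info` ends outside the hunk.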
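--- a/spec/omniauth/strategies/google_oauth2_spec.rb
+++ b/spec/omniauth/strategies/google_oauth2_spec.rb
@@ -384,7 +384,7 @@
 subject.options.client_options[:connection_build] = proc do |builder|
 builder.request :url_encoded
 builder.adapter :test do |stub|
-stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do
+stub.post('/oauth2/v3/tokeninfo', 'access_token=valid_access_token') do
 [200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
 aud: '000000000000.apps.googleusercontent.com',
 sub: '123456789',
@@ -781,7 +781,7 @@
 subject.options.client_options[:connection_build] = proc do |builder|
 builder.request :url_encoded
 builder.adapter :test do |stub|
-stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do
+stub.post('/oauth2/v3/tokeninfo', 'access_token=valid_access_token') do
 [200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
 aud: '000000000000.apps.googleusercontent.com',
 sub: '123456789',
@@ -792,7 +792,7 @@
 expires_in: 436
 )]
 end
-stub.get('/oauth2/v3/tokeninfo?access_token=invalid_access_token') do
+stub.post('/oauth2/v3/tokeninfo', 'access_token=invalid_access_token') do
 [400, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(error_description: 'Invalid Value')]
 end
 end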
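Review bot: The updated stub at 384 pins the form body, but a Faraday test-adapter stub whose path has no query string appears to match a request that also carries query parameters, so this spec may not fail if the token were sent in the URL again. Since the point of the change is to keep the token out of URLs, it would be worth asserting that directly, for example by taking the request env in the stub block (`do |env|`) and checking that `env.url.query` is empty. The same applies to the stubs in the hunks at 781 and 792. The enclosing example blocks start and end outside the hunks.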
