Merge pull request #217 from joshsoftware/verify-token-v3

zquestz · zquestz · commit ddc435dfd18d · 2016-01-08T22:14:38.000-08:00
Updated verify_token method
diff --git a/lib/omniauth/strategies/google_oauth2.rb b/lib/omniauth/strategies/google_oauth2.rb
@@ -171,9 +171,9 @@ def strip_unnecessary_query_parameters(query_values)
 
       def verify_token(access_token)
         return false unless access_token
-        raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v2/tokeninfo',
+        raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo',
                                       params: { access_token: access_token }).parsed
-        raw_response['issued_to'] == options.client_id
+        raw_response['aud'] == options.client_id
       end
     end
   end
diff --git a/spec/omniauth/strategies/google_oauth2_spec.rb b/spec/omniauth/strategies/google_oauth2_spec.rb
@@ -544,19 +544,18 @@
       subject.options.client_options[:connection_build] = proc do |builder|
         builder.request :url_encoded
         builder.adapter :test do |stub|
-          stub.get('/oauth2/v2/tokeninfo?access_token=valid_access_token') do |env|
+          stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do |env|
             [200, {'Content-Type' => 'application/json; charset=UTF-8'}, MultiJson.encode(
-              :issued_to => '000000000000.apps.googleusercontent.com',
-              :audience => '000000000000.apps.googleusercontent.com',
-              :user_id => '000000000000000000000',
-              :scope => 'profile email',
-              :expires_in => 3514,
-              :email => 'me@example.com',
-              :verified_email => true,
-              :access_type => 'online'
+              :aud => "000000000000.apps.googleusercontent.com",
+              :sub => "123456789",
+              :email_verified => "true",
+              :email => "example@example.com",
+              :access_type => "offline",
+              :scope => "profile email",
+              :expires_in => 436
             )]
           end
-          stub.get('/oauth2/v2/tokeninfo?access_token=invalid_access_token') do |env|
+          stub.get('/oauth2/v3/tokeninfo?access_token=invalid_access_token') do |env|
             [400, {'Content-Type' => 'application/json; charset=UTF-8'}, MultiJson.encode(:error_description => 'Invalid Value')]
           end
         end
