check_google_token.py
from google.oauth2 import id_token
from google.auth.transport import requests
# Identity the token is expected to belong to; both values are compared with
# the decoded token's claims further down.
# NOTE(review): the address below looks like an e-mail redaction placeholder
# left by the page rather than a usable value — confirm before relying on it.
USER_EMAIL = "[email protected]"
# Expected account identifier — presumably the token's `sub` claim; verify
# against the comparison below.
USER_ID = "11123456"
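def verify_google_id_token(token, audience=None):
    """Verify a Google-issued OpenID Connect ID token.

    Args:
        token: The encoded ID token (JWT) received from the client.
        audience: The OAuth 2.0 client ID this application expects in the
            token's ``aud`` claim. With the default ``None`` the library does
            not check ``aud``, so a token Google issued to any other
            application would also verify; a warning is emitted in that case.

    Returns:
        ``(True, claims)`` when the token verifies, otherwise ``(False, None)``.

    Raises:
        google.auth.exceptions.TransportError: The signing certificates could
            not be fetched. This is left to propagate so an outage is not
            reported as an invalid token.
    """
    import warnings

    from google.auth import exceptions as google_auth_exceptions

    if audience is None:
        # Kept as a warning rather than an error so existing callers that
        # omit the audience keep working, while the gap becomes visible.
        warnings.warn(
            "verify_google_id_token called without an audience: the 'aud' "
            "claim is not verified",
            RuntimeWarning,
            stacklevel=2,
        )

    try:
        idinfo = id_token.verify_oauth2_token(token, requests.Request(), audience)
    except google_auth_exceptions.TransportError:
        raise
    except (ValueError, google_auth_exceptions.GoogleAuthError):
        # ValueError covers malformed, expired or wrongly signed tokens. The
        # library reports a wrong issuer with GoogleAuthError, which is not a
        # ValueError, so it is mapped to the same "invalid" result here.
        return False, None
    return True, idinfo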
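# Check the token's signature, expiry and issuer before reading any claim.
# `google_token` must be supplied by the surrounding code; this file does not
# define it. The helper is defined in this file, so it is called directly
# (the file never imports an `auth_utils` module).
# NOTE(review): no audience is passed here, so the `aud` claim is not checked
# and a token issued to a different application would pass this step. Pass
# this application's OAuth client ID as the second argument.
is_valid, decoded_google_token = verify_google_id_token(google_token)
if not is_valid:
    raise Exception("Token is not valid or it's expired")

# token params
issuer = decoded_google_token['iss']
user_id = decoded_google_token['sub']
# The e-mail and profile claims depend on the scopes that were granted, so
# they are read with .get() to avoid a KeyError on a valid token without them.
email = decoded_google_token.get('email')
# Only a literal boolean True counts; a missing claim or any other value
# is treated as unverified.
email_verified = decoded_google_token.get('email_verified') is True
image_url = decoded_google_token.get('picture')
first_name = decoded_google_token.get('given_name')
last_name = decoded_google_token.get('family_name')

# `sub` is the stable account identifier. The original compared an undefined
# name `username` with USER_ID; the extracted `user_id` is what was meant.
is_from_this_user = (email == USER_EMAIL or user_id == USER_ID)
# Exact match against Google's two issuer values: a substring test would also
# accept any other issuer string that merely contains the Google host name.
issuer_is_google = issuer in ("accounts.google.com", "https://accounts.google.com")
if not is_from_this_user or not email_verified or not issuer_is_google:
    raise Exception("Unauthorized token")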