Skip to content

Commit

Permalink
fix firebase token audience check
Browse files Browse the repository at this point in the history 
CPCN-437
  • Loading branch information
@petrjasek
petrjasek committed Oct 31, 2023
1 parent 240f430 commit 9410c43
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
3 changes: 2 additions & 1 deletion server/cp/auth.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import google.oauth2.id_token

from flask_babel import gettext
from flask import current_app as app
from google.auth.transport import requests

from newsroom.types import AuthProviderType
Expand Down Expand Up @@ -32,7 +33,7 @@ def token():
try:
claims = google.oauth2.id_token.verify_firebase_token(
token,
audience="cp-identity",
audience=app.config["AUTH_FIREBASE_AUDIENCE"],
request=firebase_request_adapter,
)
except ValueError as err:
Expand Down
3 changes: 3 additions & 0 deletions server/settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -272,6 +272,9 @@
if SAML_PATH.joinpath("certs").exists():
SAML_AUTH_ENABLED = True

is_test_instance = any([url in CLIENT_URL for url in ["cp-dev.", "cpcn-uat.", "test."]])
AUTH_FIREBASE_AUDIENCE = "cp-identity-dev" if is_test_instance else "cp-identity"

CEM_URL = os.environ.get("CEM_URL", "")
CEM_APIKEY = os.environ.get("CEM_APIKEY", "")
CEM_PLATFORM = os.environ.get("CEM_PLATFORM", "MyNP")
Expand Down

0 comments on commit 9410c43

Please sign in to comment.