token_info 'verified_email'

[dudedolf]

Hi, Hopefully i am posting this in the correct place. We have noticed that in the file 'users_id_token.py' that when the email address is being verified it is using. if token_info.get('verified_email'): _logger.warning('Oauth token email isn\'t verified.') return However, upon checking the responses from 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=xxx' that sometimes 'verified_email' is returned and other times 'email_verified' is returned. When 'email_verified' is returned the error is triggers.

Presently we have monkey patched the code to check for both, but thought I would alert you nonetheless.

Many thanks

[salvador-bynd]

I am also having the same issue!

[dudedolf]

Hi Salvador, below is by no means a long term (or elegant) solution but i patched the code with

if token_info.get('email_verified') == False or token_info.get('verified_email') == False: _logger.warning('Oauth token email isn\'t verified.') return

if you search for 'token_info.get('verified_email')' it should take you to a file 'users_id_token.py' in which you can make the fix.

Cheers

[salvador-bynd]

Thanks @dudedolf . For local development (if appengine), we can monkey-patch to use a most recent token api version:

# On your appengine_config.py add the following.
if os.environ.get('SERVER_SOFTWARE', '').startswith('Development'):
    from endpoints import users_id_token
    users_id_token.___TOKENINFO_URL = users_id_token._TOKENINFO_URL
    users_id_token._TOKENINFO_URL = 'https://www.googleapis.com/oauth2/v2/tokeninfo'

[dudedolf]

Thank you I will look at implementing.

[inklesspen]

Is this happening only in local development? Or also when running on App Engine?