jshuaf
commented
7 years ago Not currently relevant for our auth flow - we're communicating directly with Google over https, so there's no need to verify them.
Closed jshuaf closed 7 years ago
jshuaf
commented
7 years ago Not currently relevant for our auth flow - we're communicating directly with Google over https, so there's no need to verify them.
Relevant links: https://github.com/auth0/node-jsonwebtoken https://www.googleapis.com/oauth2/v3/certs https://www.googleapis.com/oauth2/v1/certs https://developers.google.com/identity/protocols/OpenIDConnect#validatinganidtoken https://developers.google.com/identity/protocols/OpenIDConnect#discovery