gcp-google-auth verifying signature?

mondo-mob / mondokit

Simplify building NodeJS applications on cloud platforms

https://mondokit.dev/

MIT License

10 stars 0 forks source link

gcp-google-auth verifying signature? #1

Open gonzalovilaseca opened 2 months ago

gonzalovilaseca commented 2 months ago

Shouldn't gcp-google-auth verify the tokens signature?

mlev commented 2 months ago

It does - we use the google-auth-library under hood to validate the tokens, using verifyIdToken or verifySignedJwtWithCertsAsync depending on the use case. Do you have a scenario where this doesn't happen?