From 7564c1902484dc31d13565f910370f6de1cfac37 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Tue, 29 Aug 2017 12:40:01 +0000
Subject: [PATCH] Verify that the token from Exchange is valid

---
 oidcproxy.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/oidcproxy.go b/oidcproxy.go
index c9e6a65..4da7c4e 100644
--- a/oidcproxy.go
+++ b/oidcproxy.go
@@ -156,6 +156,11 @@ func (b *backendHandler) handleCallback(w http.ResponseWriter, r *http.Request)
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
+	if !token.Valid() {
+		log.Printf("Received an invalid token from Exchange()")
+		http.Error(w, "Invalid token", http.StatusBadRequest)
+		return
+	}
 
 	// Extract the ID token and store it in our session.
 	rawIDToken := token.Extra("id_token").(string)
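Review bot: The added `token.Valid()` guard does not protect the unchecked `token.Extra("id_token").(string)` assertion two lines below it: assuming `token` is a golang.org/x/oauth2 `*Token`, `Valid()` only reports that an access token is present and not expired, and says nothing about the ID token. A provider response with no `id_token` field, or a non-string one, would still panic inside the handler instead of producing an error response. Use the checked form, `rawIDToken, ok := token.Extra("id_token").(string)`, and return an error when `!ok`. handleCallback's body starts and ends outside the hunk, so the ID token's signature and claims may already be verified further down; if they are not, that verification is needed before the value is stored in the session.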
-- 
GitLab