Environment details
- OS type and version: N/A
- Java version: N/A
- version(s): google-api-java-client v1.34.1 & google-oauth-java-client v1.33.3
Steps to reproduce
The latest release of google-oauth-java-client added a signature verification check to IdTokenVerifier.verify. In google-api-java-client, GoogleIdTokenVerifier makes a call to super.verify which will perform a signature check. After that GoogleIdTokenVerifier then performs its own signature check.
This look like the signature check is effectively being duplicated?
Environment details
Steps to reproduce
The latest release of
google-oauth-java-clientadded a signature verification check to IdTokenVerifier.verify. Ingoogle-api-java-client,GoogleIdTokenVerifiermakes a call to super.verify which will perform a signature check. After that GoogleIdTokenVerifier then performs its own signature check.This look like the signature check is effectively being duplicated?