Merge pull request #85 from stackkit/bugfix/token-aud

Fix bug making it possible to task handler under specific circumstances

Author: marickvantuil

src/CloudTasksQueue.php

@@ -163,6 +163,7 @@ protected function pushToCloudTasks($queue, $payload, $delay = 0)
 
         $token = new OidcToken;
         $token->setServiceAccountEmail($this->config['service_account_email']);
+        $token->setAudience(hash_hmac('sha256', $this->getHandler(), config('app.key')));
         $httpRequest->setOidcToken($token);
 
         if ($availableAt > time()) {

src/OpenIdVerificatorConcrete.php

@@ -18,7 +18,7 @@ public function verify(?string $token, array $config): void
         (new AccessToken())->verify(
             $token,
             [
-                'audience' => app('queue')->getHandler(),
+                'audience' => hash_hmac('sha256', app('queue')->getHandler(), config('app.key')),
                 'throwException' => true,
             ]
         );

src/OpenIdVerificatorFake.php

@@ -17,7 +17,7 @@ public function verify(?string $token, array $config): void
         (new AccessToken())->verify(
             $token,
             [
-                'audience' => app('queue')->getHandler(),
+                'audience' => hash_hmac('sha256', app('queue')->getHandler(), config('app.key')),
                 'throwException' => true,
                 'certsLocation' => __DIR__ . '/../tests/Support/self-signed-public-key-as-jwk.json',
             ]