node.js, google-signin, google-workspace

How to specify a domain name while verifying a Google ID token


I am writing a function to verify a Google ID token. I'm strictly following the documentation but I'm stuck on one last step. The token must be from a particular G-suite domain. The code snippet below is from the documentation but I don't know how to interpret it. Do I replace hd with mydomain.com? How do I specify my domain name?

// If request specified a G Suite domain:
// const domain = payload['hd'];

Kindly let me know if there is any additional detail I omitted in this question. There is no issue with my current code but I'll just add a little snippet here for context:

const { OAuth2Client } = require('google-auth-library');

const token = getToken(event);
const client = new OAuth2Client(CLIENT_ID);

async function verify() {
  // verifyIdToken checks the token's signature, expiry and audience
  const ticket = await client.verifyIdToken({
    idToken: token,
    audience: CLIENT_ID
  });

  const payload = ticket.getPayload();
  const userid = payload['sub'];

  // const domain = payload['hd'];
}

verify().catch(console.error);

Solution

  • 'hd' is the key for the domain value in the payload ... if it's set, then domain = payload['hd'] will give you the user's domain as a string and you can check that it matches yourdomain.com
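
The check the answer describes, written out as an added example (not code from the original post or from Google's documentation). The function names, the domain `example.com` and the sample payloads are hypothetical and constructed for illustration; `client` is assumed to be a google-auth-library `OAuth2Client`.

```javascript
'use strict';

// Returns the payload if its hd claim equals expectedDomain, otherwise throws.
// Call this only on a payload that verifyIdToken() has already validated.
function checkHostedDomain(payload, expectedDomain) {
  const hd = payload && payload.hd;
  // Consumer accounts (e.g. gmail.com) carry no hd claim at all, so a
  // missing value must be rejected, not treated as "no restriction".
  if (typeof hd !== 'string' || hd.length === 0) {
    throw new Error('ID token has no hd claim (not a Workspace account)');
  }
  // Exact comparison only: suffix or substring matching would also accept
  // look-alike domains that merely contain the expected name.
  if (hd.toLowerCase() !== expectedDomain.toLowerCase()) {
    throw new Error(`hd claim "${hd}" does not match "${expectedDomain}"`);
  }
  return payload;
}

// Verifies signature, expiry and audience first, then enforces the domain.
async function verifyForDomain(client, idToken, clientId, expectedDomain) {
  const ticket = await client.verifyIdToken({ idToken, audience: clientId });
  return checkHostedDomain(ticket.getPayload(), expectedDomain);
}

// Constructed sample payloads, shaped like what ticket.getPayload() returns.
const SAMPLE_PAYLOADS = {
  workspace: { sub: '1000000001', email: 'alice@example.com', hd: 'example.com' },
  consumer: { sub: '1000000002', email: 'bob@gmail.com' },
  otherDomain: { sub: '1000000003', email: 'carol@example.org', hd: 'example.org' },
};

// Returns 'accepted' or the rejection reason for each sample payload.
function demo() {
  const results = {};
  for (const [name, payload] of Object.entries(SAMPLE_PAYLOADS)) {
    try {
      checkHostedDomain(payload, 'example.com');
      results[name] = 'accepted';
    } catch (err) {
      results[name] = err.message;
    }
  }
  return results;
}
```

The `hd` value is compared against a domain configured on the server, so nothing in the request can change which domain is accepted.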