From eed1c3281293615cba256b5060497c1103912388 Mon Sep 17 00:00:00 2001
From: quest <quest@mac.com>
Date: Sun, 4 Sep 2022 15:37:30 -1000
Subject: [PATCH] Prefer id_token over access_token in JWT decode

---
 lib/omniauth/google_oauth2/version.rb    | 2 +-
 lib/omniauth/strategies/google_oauth2.rb | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/omniauth/google_oauth2/version.rb b/lib/omniauth/google_oauth2/version.rb
index c05e92f..798c14e 100644
--- a/lib/omniauth/google_oauth2/version.rb
+++ b/lib/omniauth/google_oauth2/version.rb
@@ -2,6 +2,6 @@
 
 module OmniAuth
   module GoogleOauth2
-    VERSION = '1.1.0'
+    VERSION = '1.1.1'
   end
 end
diff --git a/lib/omniauth/strategies/google_oauth2.rb b/lib/omniauth/strategies/google_oauth2.rb
index c98c488..c533ec2 100644
--- a/lib/omniauth/strategies/google_oauth2.rb
+++ b/lib/omniauth/strategies/google_oauth2.rb
@@ -69,9 +69,10 @@ def authorize_params
 
       extra do
         hash = {}
-        hash[:id_token] = access_token.token
-        if !options[:skip_jwt] && !nil_or_empty(access_token.token)
-          decoded = ::JWT.decode(access_token.token, nil, false).first
+        token = nil_or_empty?(access_token['id_token']) ? access_token.token : access_token['id_token']
+        hash[:id_token] = token
+        if !options[:skip_jwt] && !nil_or_empty?(token)
+          decoded = ::JWT.decode(token, nil, false).first
 
           # We have to manually verify the claims because the third parameter to
           # JWT.decode is false since no verification key is provided.
@@ -108,7 +109,7 @@ def custom_build_access_token
 
       private
 
-      def nil_or_empty(obj)
+      def nil_or_empty?(obj)
         obj.is_a?(String) ? obj.empty? : obj.nil?
       end