security: fix GoogleLoginView audience check + replace Clerk with direct GIS flow

- verify_oauth2_token now passes GOOGLE_CLIENT_ID as third arg (audience check) - fail-closed: returns 503 if GOOGLE_CLIENT_ID env var is not set - add GOOGLE_CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID', '') to settings - replace ClerkLoginViewTests with GoogleLoginViewTests (4 cases) - update requirements-docker.txt Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 01:31:18 +05:30
parent aa2846b884
commit e0a491e8cb
5 changed files with 131 additions and 3 deletions
--- a/requirements-docker.txt
+++ b/requirements-docker.txt
@@ -7,3 +7,4 @@ gunicorn==21.2.0
 django-extensions==3.2.3
 psycopg2-binary==2.9.9
 djangorestframework-simplejwt==5.3.1
+google-auth>=2.0.0