From e83c0ff2b45d368fbf6bf26bbd8e19797c7e92d5 Mon Sep 17 00:00:00 2001
From: Anton Begehr <anton@begehr.me>
Date: Tue, 4 Feb 2025 19:30:13 +0700
Subject: [PATCH] fix:  google IdToken auth issuer mismatch (#1351)

"The value of iss in the ID token is equal to accounts.google.com or https://accounts.google.com."

Source: https://developers.google.com/identity/gsi/web/guides/verify-google-id-token
---
 packages/better-auth/src/social-providers/google.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/better-auth/src/social-providers/google.ts b/packages/better-auth/src/social-providers/google.ts
index 7006b5a24b..7945d48ccf 100644
--- a/packages/better-auth/src/social-providers/google.ts
+++ b/packages/better-auth/src/social-providers/google.ts
@@ -105,7 +105,8 @@ export const google = (options: GoogleOptions) => {
 			}
 			const isValid =
 				tokenInfo.aud === options.clientId &&
-				tokenInfo.iss === "https://accounts.google.com";
+				(tokenInfo.iss === "https://accounts.google.com" ||
+					tokenInfo.iss === "accounts.google.com");
 			return isValid;
 		},
 		async getUserInfo(token) {