Is this extension when used with google safe from the attack mentioned at https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/ ?
Topic on Extension talk:OpenID Connect
It does not do anything past what the Google identity provider provides, so out of the box it would be vulnerable. However, PluggableAuth can be extended with an authorization plugin that could do a local check to ensure that the account is valid for use.