Skip to content

Commit

Permalink
change token claims behaviour
Browse files Browse the repository at this point in the history
  • Loading branch information
hummerdmag committed Aug 17, 2024
1 parent d0f23c4 commit 8ccd92a
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 16 deletions.
8 changes: 4 additions & 4 deletions jwt/service/jwt_token_service.go
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ func (ts *JWTokenService) NewAccessToken(u model.User, scopes []string, app mode
lifespan = TokenLifespan
}

claims := model.Claims{
claims := &model.Claims{
Scopes: strings.Join(scopes, " "),
Payload: payload,
Type: tokenType,
Expand Down Expand Up @@ -282,7 +282,7 @@ func (ts *JWTokenService) NewRefreshToken(u model.User, scopes []string, app mod
lifespan = RefreshTokenLifespan
}

claims := model.Claims{
claims := &model.Claims{
Scopes: strings.Join(scopes, " "),
Payload: payload,
Type: model.TokenTypeRefresh,
Expand Down Expand Up @@ -418,7 +418,7 @@ func (ts *JWTokenService) NewResetToken(userID string) (model.Token, error) {

lifespan := ts.resetTokenLifespan

claims := model.Claims{
claims := &model.Claims{
Type: model.TokenTypeReset,
StandardClaims: jwt.StandardClaims{
ExpiresAt: (now + lifespan),
Expand Down Expand Up @@ -450,7 +450,7 @@ func (ts *JWTokenService) NewWebCookieToken(u model.User) (model.Token, error) {
now := ijwt.TimeFunc().Unix()
lifespan := ts.resetTokenLifespan

claims := model.Claims{
claims := &model.Claims{
Type: model.TokenTypeWebCookie,
StandardClaims: jwt.StandardClaims{
ExpiresAt: (now + lifespan),
Expand Down
2 changes: 1 addition & 1 deletion model/token.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ type Token interface {
}

// NewTokenWithClaims generates new JWT token with claims and keyID.
func NewTokenWithClaims(method jwt.SigningMethod, kid string, claims jwt.Claims) *jwt.Token {
func NewTokenWithClaims(method jwt.SigningMethod, kid string, claims *Claims) *jwt.Token {
return &jwt.Token{
Header: map[string]interface{}{
"typ": "JWT",
Expand Down
2 changes: 1 addition & 1 deletion web/api/federated_oidc_login.go
Original file line number Diff line number Diff line change
Expand Up @@ -368,7 +368,7 @@ func (ar *Router) completeOIDCAuth(

providerScope, ok := providerScopeVal.(string)
if !ok {
ar.logger.Printf("oidc returned scope is not string but %T %+v", providerScope, providerScope)
ar.logger.Printf("oidc returned scope is not string but %T %+v", providerScopeVal, providerScopeVal)
}

// Extract the ID Token from OAuth2 token.
Expand Down
29 changes: 19 additions & 10 deletions web/api/federated_oidc_server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ import (

jwt "github.com/golang-jwt/jwt/v4"
ijwt "github.com/madappgang/identifo/v2/jwt"
"github.com/madappgang/identifo/v2/model"
"github.com/madappgang/identifo/v2/web/api"
)

Expand Down Expand Up @@ -65,15 +64,25 @@ func testOIDCServer() (*httptest.Server, context.CancelFunc) {
})

mux.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
idt, err := model.NewTokenWithClaims(jwt.SigningMethodES256, "kid", jwt.MapClaims{
"sub": "abc",
"emails": []string{"[email protected]"},
"email": "[email protected]",
"iss": cfg.Issuer,
"aud": "test",
"exp": time.Now().Add(time.Hour).Unix(),
"iat": time.Now().Unix(),
}).SignedString(privateKey)
token := jwt.Token{
Header: map[string]interface{}{
"typ": "JWT",
"alg": jwt.SigningMethodES256.Alg(),
"kid": "kid",
},
Claims: jwt.MapClaims{
"sub": "abc",
"emails": []string{"[email protected]"},
"email": "[email protected]",
"iss": cfg.Issuer,
"aud": "test",
"exp": time.Now().Add(time.Hour).Unix(),
"iat": time.Now().Unix(),
},
Method: jwt.SigningMethodES256,
}

idt, err := token.SignedString(privateKey)
if err != nil {
panic(err)
}
Expand Down

0 comments on commit 8ccd92a

Please sign in to comment.