Merge pull request #22 from AlexCuse/master

Embed identities.Claims Type
keratin · Dec 14, 2022 · c30d06e · c30d06e
2 parents 2ce5849 + 7e87c0f
commit c30d06e
Show file tree

Hide file tree

Showing 10 changed files with 57 additions and 262 deletions.
diff --git a/authn/authn.go b/authn/authn.go
@@ -5,7 +5,6 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/keratin/authn-server/app/tokens/identities"
 	jwt "gopkg.in/square/go-jose.v2/jwt"
 )
 
@@ -69,13 +68,13 @@ func (ac *Client) SubjectFromWithAudience(idToken string, audience jwt.Audience)
 // if and only if the token is a valid JWT that passes all
 // verification requirements. If the JWT does not verify, the returned
 // error will explain why. This is for debugging purposes.
-func (ac *Client) ClaimsFrom(idToken string) (*identities.Claims, error) {
+func (ac *Client) ClaimsFrom(idToken string) (*Claims, error) {
 	return ac.claimsFromVerifier(idToken, ac.verifier)
 }
 
 // ClaimsFromWithAudience works like ClaimsFrom but allows
 // specifying a different JWT audience.
-func (ac *Client) ClaimsFromWithAudience(idToken string, audience jwt.Audience) (*identities.Claims, error) {
+func (ac *Client) ClaimsFromWithAudience(idToken string, audience jwt.Audience) (*Claims, error) {
 	verifier, err := newIDTokenVerifierWithAudiences(ac.config.Issuer, audience, ac.kchain)
 	if err != nil {
 		return nil, err
@@ -91,7 +90,7 @@ func (ac *Client) subjectFromVerifier(idToken string, verifier JWTClaimsExtracto
 	return claims.Subject, nil
 }
 
-func (ac *Client) claimsFromVerifier(idToken string, verifier JWTClaimsExtractor) (*identities.Claims, error) {
+func (ac *Client) claimsFromVerifier(idToken string, verifier JWTClaimsExtractor) (*Claims, error) {
 	claims, err := verifier.GetVerifiedClaims(idToken)
 	if err != nil {
 		return nil, err

diff --git a/authn/claims.go b/authn/claims.go
@@ -0,0 +1,8 @@
+package authn
+
+import "gopkg.in/square/go-jose.v2/jwt"
+
+type Claims struct {
+	AuthTime *jwt.NumericDate `json:"auth_time"`
+	jwt.Claims
+}
diff --git a/authn/interfaces.go b/authn/interfaces.go
@@ -1,7 +1,6 @@
 package authn
 
 import (
-	"github.com/keratin/authn-server/app/tokens/identities"
 	jose "gopkg.in/square/go-jose.v2"
 )
 
@@ -14,5 +13,5 @@ type JWKProvider interface {
 
 // Extracts verified in-built claims from a jwt idToken
 type JWTClaimsExtractor interface {
-	GetVerifiedClaims(idToken string) (*identities.Claims, error)
+	GetVerifiedClaims(idToken string) (*Claims, error)
 }
diff --git a/authn/internal_client.go b/authn/internal_client.go
@@ -75,7 +75,7 @@ func (ic *internalClient) Key(kid string) ([]jose.JSONWebKey, error) {
 	return jwks.Key(kid), nil
 }
 
-//GetAccount gets the account details for the specified account id
+// GetAccount gets the account details for the specified account id
 func (ic *internalClient) GetAccount(id string) (*Account, error) {
 	resp, err := ic.doWithAuth(get, "accounts/"+id, nil)
 	if err != nil {
@@ -95,7 +95,7 @@ func (ic *internalClient) GetAccount(id string) (*Account, error) {
 	return &data.Result, nil
 }
 
-//Update updates the account with the specified id
+// Update updates the account with the specified id
 func (ic *internalClient) Update(id, username string) error {
 	form := url.Values{}
 	form.Add("username", username)
@@ -104,25 +104,25 @@ func (ic *internalClient) Update(id, username string) error {
 	return err
 }
 
-//LockAccount locks the account with the specified id
+// LockAccount locks the account with the specified id
 func (ic *internalClient) LockAccount(id string) error {
 	_, err := ic.doWithAuth(patch, "accounts/"+id+"/lock", nil)
 	return err
 }
 
-//UnlockAccount unlocks the account with the specified id
+// UnlockAccount unlocks the account with the specified id
 func (ic *internalClient) UnlockAccount(id string) error {
 	_, err := ic.doWithAuth(patch, "accounts/"+id+"/unlock", nil)
 	return err
 }
 
-//ArchiveAccount archives the account with the specified id
+// ArchiveAccount archives the account with the specified id
 func (ic *internalClient) ArchiveAccount(id string) error {
 	_, err := ic.doWithAuth(delete, "accounts/"+id, nil)
 	return err
 }
 
-//ImportAccount imports an existing account
+// ImportAccount imports an existing account
 func (ic *internalClient) ImportAccount(username, password string, locked bool) (int, error) {
 	form := url.Values{}
 	form.Add("username", username)
@@ -149,18 +149,18 @@ func (ic *internalClient) ImportAccount(username, password string, locked bool)
 	return data.Result.ID, err
 }
 
-//ExpirePassword expires the users current sessions and flags the account for a required password change on next login
+// ExpirePassword expires the users current sessions and flags the account for a required password change on next login
 func (ic *internalClient) ExpirePassword(id string) error {
 	_, err := ic.doWithAuth(patch, "accounts/"+id+"/expire_password", nil)
 	return err
 }
 
-//ServiceStats returns the raw request from the /stats endpoint
+// ServiceStats returns the raw request from the /stats endpoint
 func (ic *internalClient) ServiceStats() (*http.Response, error) {
 	return ic.doWithAuth(get, "stats", nil)
 }
 
-//ServerStats returns the raw request from the /metrics endpoint
+// ServerStats returns the raw request from the /metrics endpoint
 func (ic *internalClient) ServerStats() (*http.Response, error) {
 	return ic.doWithAuth(get, "metrics", nil)
 }

diff --git a/authn/internal_client_test.go b/authn/internal_client_test.go
@@ -49,7 +49,7 @@ func testingHTTPClient(handler http.Handler) (*http.Client, func()) {
 	return cli, s.Close
 }
 
-//Based on information at https://keratin.github.io/authn-server/#/api?id=get-account
+// Based on information at https://keratin.github.io/authn-server/#/api?id=get-account
 func TestICGetAccount(t *testing.T) {
 	type request struct {
 		url        string
@@ -142,7 +142,7 @@ func TestICGetAccount(t *testing.T) {
 	}
 }
 
-//Based on information at https://keratin.github.io/authn-server/#/api?id=update
+// Based on information at https://keratin.github.io/authn-server/#/api?id=update
 func TestICUpdate(t *testing.T) {
 	type request struct {
 		url        string
@@ -229,7 +229,7 @@ func TestICUpdate(t *testing.T) {
 	}
 }
 
-//Based on information at https://keratin.github.io/authn-server/#/api?id=lock-account
+// Based on information at https://keratin.github.io/authn-server/#/api?id=lock-account
 func TestICLockAccount(t *testing.T) {
 	type request struct {
 		url        string
@@ -299,7 +299,7 @@ func TestICLockAccount(t *testing.T) {
 	}
 }
 
-//Based on information at https://keratin.github.io/authn-server/#/api?id=unlock-account
+// Based on information at https://keratin.github.io/authn-server/#/api?id=unlock-account
 func TestICUnlockAccount(t *testing.T) {
 	type request struct {
 		url        string
@@ -369,7 +369,7 @@ func TestICUnlockAccount(t *testing.T) {
 	}
 }
 
-//Based on information at https://keratin.github.io/authn-server/#/api?id=archive-account
+// Based on information at https://keratin.github.io/authn-server/#/api?id=archive-account
 func TestICArchiveAccount(t *testing.T) {
 	type request struct {
 		url        string
@@ -439,7 +439,7 @@ func TestICArchiveAccount(t *testing.T) {
 	}
 }
 
-//Based on information at https://keratin.github.io/authn-server/#/api?id=import-account
+// Based on information at https://keratin.github.io/authn-server/#/api?id=import-account
 func TestICImportAccount(t *testing.T) {
 	type request struct {
 		url        string
@@ -528,7 +528,7 @@ func TestICImportAccount(t *testing.T) {
 	}
 }
 
-//Based on information at https://keratin.github.io/authn-server/#/api?id=expire-password
+// Based on information at https://keratin.github.io/authn-server/#/api?id=expire-password
 func TestICExpirePassword(t *testing.T) {
 	type request struct {
 		url        string
@@ -598,7 +598,7 @@ func TestICExpirePassword(t *testing.T) {
 	}
 }
 
-//Based on information at https://keratin.github.io/authn-server/#/api?id=service-stats
+// Based on information at https://keratin.github.io/authn-server/#/api?id=service-stats
 func TestICServiceStats(t *testing.T) {
 	type request struct {
 		url        string
@@ -640,7 +640,7 @@ func TestICServiceStats(t *testing.T) {
 	}
 }
 
-//Based on information at https://keratin.github.io/authn-server/#/api?id=server-stats
+// Based on information at https://keratin.github.io/authn-server/#/api?id=server-stats
 func TestICServerStats(t *testing.T) {
 	type request struct {
 		url        string

diff --git a/authn/models.go b/authn/models.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 )
 
-//Account is an AuthN user account
+// Account is an AuthN user account
 type Account struct {
 	ID       int    `json:"id"`
 	Username string `json:"username"`

diff --git a/authn/verifier.go b/authn/verifier.go
@@ -5,7 +5,6 @@ import (
 	"net/url"
 	"time"
 
-	"github.com/keratin/authn-server/app/tokens/identities"
 	jwt "gopkg.in/square/go-jose.v2/jwt"
 )
 
@@ -41,7 +40,7 @@ func newIDTokenVerifierWithAudiences(issuer string, audiences jwt.Audience, keyc
 }
 
 // Gets verified claims from an Authn idToken
-func (verifier *idTokenVerifier) GetVerifiedClaims(idToken string) (*identities.Claims, error) {
+func (verifier *idTokenVerifier) GetVerifiedClaims(idToken string) (*Claims, error) {
 	var err error
 
 	claims, err := verifier.claims(idToken)
@@ -59,7 +58,7 @@ func (verifier *idTokenVerifier) GetVerifiedClaims(idToken string) (*identities.
 
 // Gets claims object from an idToken using the key from keychain
 // Key from keychain is fetched using KeyID found in idToken's header
-func (verifier *idTokenVerifier) claims(idToken string) (*identities.Claims, error) {
+func (verifier *idTokenVerifier) claims(idToken string) (*Claims, error) {
 	var err error
 
 	idJwt, err := jwt.ParseSigned(idToken)
@@ -81,7 +80,7 @@ func (verifier *idTokenVerifier) claims(idToken string) (*identities.Claims, err
 	}
 	key := keys[0]
 
-	claims := &identities.Claims{}
+	claims := &Claims{}
 	err = idJwt.Claims(key, claims)
 	if err != nil {
 		return nil, err
@@ -91,7 +90,7 @@ func (verifier *idTokenVerifier) claims(idToken string) (*identities.Claims, err
 }
 
 // Verify the claims against the configured values
-func (verifier *idTokenVerifier) verify(claims *identities.Claims) error {
+func (verifier *idTokenVerifier) verify(claims *Claims) error {
 	var err error
 
 	// Validate rest of the claims

diff --git a/authn/verifier_test.go b/authn/verifier_test.go
@@ -11,7 +11,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/keratin/authn-server/app/tokens/identities"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	jose "gopkg.in/square/go-jose.v2"
@@ -35,7 +34,7 @@ func TestIDTokenVerifier(t *testing.T) {
 	// factory defaults
 	randInt, err := rand.Int(rand.Reader, big.NewInt(99999))
 	require.NoError(t, err)
-	defaultClaims := identities.Claims{
+	defaultClaims := Claims{
 		AuthTime: jwt.NewNumericDate(time.Now().Add(-time.Hour)),
 		Claims: jwt.Claims{
 			Issuer:   issuer,

diff --git a/go.mod b/go.mod
@@ -3,8 +3,8 @@ module github.com/keratin/authn-go
 go 1.12
 
 require (
-	github.com/keratin/authn-server v1.15.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/stretchr/testify v1.5.1
+	golang.org/x/crypto v0.4.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.3.1
 )