Merge pull request #131 from krakend/leeway

accept a configurable leeway for the token validation
krakend · Apr 5, 2024 · 4329232 · 4329232
2 parents 33c87cc + ead1963
commit 4329232
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.17
 
 require (
 	github.com/gin-gonic/gin v1.8.2
-	github.com/krakend/go-auth0 v1.0.0
+	github.com/krakend/go-auth0 v1.1.0
 	github.com/luraproject/lura/v2 v2.0.5
 	gocloud.dev v0.28.0
 	gocloud.dev/secrets/hashivault v0.28.0

diff --git a/go.sum b/go.sum
@@ -1370,8 +1370,8 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/krakend/go-auth0 v1.0.0 h1:dewhsVnquDStTXaRY5OOCL+i4oe+qKbDpaNz9D6Kzuk=
-github.com/krakend/go-auth0 v1.0.0/go.mod h1:lJtS6u8y1mai4lFcE3JC2oSDQaNo2aXexTS0cqTblZU=
+github.com/krakend/go-auth0 v1.1.0 h1:3/OUeVB5vu94tZgU8gzO4gv1W0tV3/kmPSaEXQodYsM=
+github.com/krakend/go-auth0 v1.1.0/go.mod h1:lJtS6u8y1mai4lFcE3JC2oSDQaNo2aXexTS0cqTblZU=
 github.com/krakendio/flatmap v1.1.1 h1:rGBNVpBY0pMk6cLOwerVzoKY4HELnpu0xvqB231lOCQ=
 github.com/krakendio/flatmap v1.1.1/go.mod h1:KBuVkiH5BcBFRa5A1HdSHDn8a8LzsyRTKZArX0vqTbo=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=

diff --git a/jose.go b/jose.go
@@ -6,6 +6,7 @@ import (
 	"math"
 	"net/http"
 	"strings"
+	"time"
 
 	"github.com/krakend/go-auth0"
 	"github.com/luraproject/lura/v2/proxy"
@@ -51,14 +52,20 @@ func NewValidator(signatureConfig *SignatureConfig, cookieEf, headerEf Extractor
 		return nil, err
 	}
 
-	return auth0.NewValidator(
+	leeway, err := time.ParseDuration(signatureConfig.Leeway)
+	if err != nil {
+		leeway = time.Second
+	}
+
+	return auth0.NewValidatorWithLeeway(
 		auth0.NewConfiguration(
 			sp,
 			signatureConfig.Audience,
 			signatureConfig.Issuer,
 			sa,
 		),
 		te,
+		leeway,
 	), nil
 }
 

diff --git a/jws.go b/jws.go
@@ -43,6 +43,7 @@ type SignatureConfig struct {
 	ScopesMatcher           string     `json:"scopes_matcher,omitempty"`
 	KeyIdentifyStrategy     string     `json:"key_identify_strategy"`
 	OperationDebug          bool       `json:"operation_debug,omitempty"`
+	Leeway                  string     `json:"leeway"`
 }
 
 type SignerConfig struct {