package ohauth
import (
"fmt"
"reflect"
"github.com/dgrijalva/jwt-go"
"github.com/mitchellh/mapstructure"
)
// Tokenizer defines an interface that can create OAuth token strings
// (codes, access and refresh tokens) from TokenClaims and parse strings back
// into TokenClaims.
//
// Key material is supplied per call as raw bytes rather than stored on the
// Tokenizer, so one Tokenizer can serve several token kinds with different
// secrets. Parse only establishes that the string was signed with the
// matching key; checking issuer, audience, subject, scope or grant against
// what the caller expects is left to the caller (the JWT implementation in
// this file does none of that).
type Tokenizer interface {
	// Tokenize converts TokenClaims into a signed string using a signing key.
	// The JWT implementation refuses claims whose expiry is unset.
	Tokenize(tc *TokenClaims, signingKey []byte) (string, error)
	// Parse takes a signed token string, verifies its authenticity and returns
	// the TokenClaims it carries. On any verification failure the error is
	// non-nil and the returned *TokenClaims must be ignored.
	Parse(token string, verifyKey []byte) (*TokenClaims, error)
}
// jwtTokenizer is the JWT-backed Tokenizer. The signing method is fixed at
// construction time and pinned on parse: a token whose "alg" header names a
// different method is rejected instead of being verified with the supplied
// key. This is what prevents "alg":"none" and algorithm-confusion attacks,
// where the attacker picks the algorithm the verifier uses.
type jwtTokenizer struct {
	method jwt.SigningMethod
}
// NewJWTTokenizer creates a Tokenizer that creates and parses JWT tokens
// signed with signingMethod. A nil signingMethod is not rejected here; the
// resulting Tokenizer reports it as an error when used.
//
// NOTE(review): the keys are passed through to jwt-go as []byte, which is the
// key shape its HMAC (HS*) methods take; the RSA/ECDSA methods expect key
// objects instead, so this Tokenizer is effectively HMAC-only — confirm
// before using an asymmetric method.
func NewJWTTokenizer(signingMethod jwt.SigningMethod) Tokenizer {
	tokenizer := &jwtTokenizer{
		method: signingMethod,
	}
	return tokenizer
}
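// Tokenize serialises tc as a JWT signed with t.method and signingKey.
//
// It refuses to mint a token when: the tokenizer has no signing method
// (matches the check Parse already performs, and avoids a nil dereference
// inside jwt.New); tc is nil; the key is empty (an empty secret would be
// handed straight to the signer, producing a token that — at least for HMAC
// methods — anyone can forge); or the expiry is unset, since every token
// issued here is meant to be time-limited.
//
// The claim set is built by tokenClaimsToMap; see it for which fields are
// optional. Returns the compact JWT string or the signing error unchanged.
func (t *jwtTokenizer) Tokenize(tc *TokenClaims, signingKey []byte) (string, error) {
	if t.method == nil {
		return "", fmt.Errorf("No signing method specified")
	}
	if tc == nil {
		return "", fmt.Errorf("No claims to tokenize")
	}
	if len(signingKey) == 0 {
		return "", fmt.Errorf("No signing key specified")
	}
	if tc.Expires == 0 {
		return "", fmt.Errorf("Token expiry not set")
	}
	token := jwt.New(t.method)
	token.Claims = tokenClaimsToMap(tc)
	return token.SignedString(signingKey)
}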
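// Parse verifies raw against verifyKey and decodes its claims into a
// TokenClaims.
//
// Verification is delegated to jwt.Parse; the key callback only releases
// verifyKey when the token's "alg" header matches the method this tokenizer
// was constructed with. That pin is the defence against "alg":"none" and
// algorithm-confusion attacks, because the header is attacker-controlled and
// must never be allowed to choose how the signature is checked. An empty
// verifyKey is refused up front rather than passed to the verifier.
//
// After the signature and jwt-go's own time checks pass, the claim map is
// decoded with mapstructure using the json tags on TokenClaims. The "scope"
// claim is carried as a string and rebuilt with ParseScope by the decode
// hook. Finally a token without an expiry is rejected, mirroring Tokenize,
// so a foreign or hand-crafted token cannot be valid indefinitely.
//
// Issuer, audience, subject and scope are NOT checked against anything here;
// callers must do that. Returns nil plus the first error encountered.
func (t *jwtTokenizer) Parse(raw string, verifyKey []byte) (*TokenClaims, error) {
	if t.method == nil {
		return nil, fmt.Errorf("No signing method specified")
	}
	if len(verifyKey) == 0 {
		return nil, fmt.Errorf("No verification key specified")
	}
	token, err := jwt.Parse(raw, func(tok *jwt.Token) (interface{}, error) {
		// Never select the key by the token's own header: insist that the
		// presented algorithm is exactly the one we were built for.
		if tok.Method.Alg() != t.method.Alg() {
			return nil, fmt.Errorf("Unexpected signing method: %v", tok.Header["alg"])
		}
		return verifyKey, nil
	})
	if err != nil {
		return nil, err
	}
	tc := &TokenClaims{}
	d, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
		Result:  tc,
		TagName: "json",
		DecodeHook: func(from, to reflect.Type, data interface{}) (interface{}, error) {
			// Rebuild Scope from its string form. The source Kind is String,
			// so reflect.Value.String() is safe for named string types too,
			// where a bare data.(string) assertion would panic.
			// NOTE(review): this matches on Kind, so it also fires for any
			// other target field sharing Scope's Kind — confirm none does.
			if from.Kind() == reflect.String && to.Kind() == reflect.TypeOf(tc.Scope).Kind() {
				return ParseScope(reflect.ValueOf(data).String()), nil
			}
			return data, nil
		},
	})
	if err != nil {
		return nil, err
	}
	if err = d.Decode(token.Claims); err != nil {
		return nil, err
	}
	// Tokenize never issues a token without "exp"; do not accept one either.
	if tc.Expires == 0 {
		return nil, fmt.Errorf("Token expiry not set")
	}
	return tc, nil
}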
// tokenClaimsToMap flattens tc into the claim map that is embedded in the
// JWT. Registered claim names (jti, aud, exp, iat, iss, sub) are used where
// one exists; role and grant are private claims. "scope" and "nonce" are
// optional and are left out entirely when unset, rather than emitted empty.
func tokenClaimsToMap(tc *TokenClaims) map[string]interface{} {
	claims := make(map[string]interface{}, 10)

	// Always-present claims.
	claims["jti"] = tc.ID
	claims["role"] = tc.Role
	claims["aud"] = tc.Audience
	claims["exp"] = tc.Expires
	claims["iat"] = tc.Issued
	claims["iss"] = tc.Issuer
	claims["sub"] = tc.Subject
	claims["grant"] = tc.Grant

	// Optional claims: only emitted when set.
	if scope := tc.Scope; scope != nil {
		claims["scope"] = scope
	}
	if nonce := tc.Nonce; nonce != "" {
		claims["nonce"] = nonce
	}

	return claims
}