|
|
@ -25,6 +25,7 @@ import ( |
|
|
|
"net/http" |
|
|
|
"net/http" |
|
|
|
"strconv" |
|
|
|
"strconv" |
|
|
|
"strings" |
|
|
|
"strings" |
|
|
|
|
|
|
|
"sync" |
|
|
|
"time" |
|
|
|
"time" |
|
|
|
|
|
|
|
|
|
|
|
jwtgo "github.com/dgrijalva/jwt-go" |
|
|
|
jwtgo "github.com/dgrijalva/jwt-go" |
|
|
@ -49,10 +50,14 @@ type Config struct { |
|
|
|
publicKeys map[string]crypto.PublicKey |
|
|
|
publicKeys map[string]crypto.PublicKey |
|
|
|
transport *http.Transport |
|
|
|
transport *http.Transport |
|
|
|
closeRespFn func(io.ReadCloser) |
|
|
|
closeRespFn func(io.ReadCloser) |
|
|
|
|
|
|
|
mutex *sync.Mutex |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// PopulatePublicKey - populates a new publickey from the JWKS URL.
|
|
|
|
// PopulatePublicKey - populates a new publickey from the JWKS URL.
|
|
|
|
func (r *Config) PopulatePublicKey() error { |
|
|
|
func (r *Config) PopulatePublicKey() error { |
|
|
|
|
|
|
|
r.mutex.Lock() |
|
|
|
|
|
|
|
defer r.mutex.Unlock() |
|
|
|
|
|
|
|
|
|
|
|
if r.JWKS.URL == nil || r.JWKS.URL.String() == "" { |
|
|
|
if r.JWKS.URL == nil || r.JWKS.URL.String() == "" { |
|
|
|
return nil |
|
|
|
return nil |
|
|
|
} |
|
|
|
} |
|
|
@ -185,7 +190,15 @@ func (p *JWT) Validate(token, dsecs string) (map[string]interface{}, error) { |
|
|
|
var claims jwtgo.MapClaims |
|
|
|
var claims jwtgo.MapClaims |
|
|
|
jwtToken, err := jp.ParseWithClaims(token, &claims, keyFuncCallback) |
|
|
|
jwtToken, err := jp.ParseWithClaims(token, &claims, keyFuncCallback) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return nil, err |
|
|
|
// Re-populate the public key in-case the JWKS
|
|
|
|
|
|
|
|
// pubkeys are refreshed
|
|
|
|
|
|
|
|
if err = p.PopulatePublicKey(); err != nil { |
|
|
|
|
|
|
|
return nil, err |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
jwtToken, err = jwtgo.ParseWithClaims(token, &claims, keyFuncCallback) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return nil, err |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if !jwtToken.Valid { |
|
|
|
if !jwtToken.Valid { |
|
|
@ -317,6 +330,7 @@ func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io |
|
|
|
ClientID: env.Get(EnvIdentityOpenIDClientID, kvs.Get(ClientID)), |
|
|
|
ClientID: env.Get(EnvIdentityOpenIDClientID, kvs.Get(ClientID)), |
|
|
|
transport: transport, |
|
|
|
transport: transport, |
|
|
|
closeRespFn: closeRespFn, |
|
|
|
closeRespFn: closeRespFn, |
|
|
|
|
|
|
|
mutex: &sync.Mutex{}, // allocate for copying
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
configURL := env.Get(EnvIdentityOpenIDURL, kvs.Get(ConfigURL)) |
|
|
|
configURL := env.Get(EnvIdentityOpenIDURL, kvs.Get(ConfigURL)) |
|
|
|