Update create token to auth/token types
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
parent
fd17443988
commit
08d1f035f0
1 changed files with 22 additions and 17 deletions
|
@ -61,7 +61,7 @@ type TokenIssuer struct {
|
||||||
Expiration time.Duration
|
Expiration time.Duration
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateJWT creates and signs a JSON Web Token for the given account and
|
// CreateJWT creates and signs a JSON Web Token for the given subject and
|
||||||
// audience with the granted access.
|
// audience with the granted access.
|
||||||
func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAccessList []auth.Access) (string, error) {
|
func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAccessList []auth.Access) (string, error) {
|
||||||
// Make a set of access entries to put in the token's claimset.
|
// Make a set of access entries to put in the token's claimset.
|
||||||
|
@ -75,14 +75,14 @@ func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAcc
|
||||||
actionSet[access.Action] = struct{}{}
|
actionSet[access.Action] = struct{}{}
|
||||||
}
|
}
|
||||||
|
|
||||||
accessEntries := make([]token.ResourceActions, 0, len(resourceActionSets))
|
accessEntries := make([]*token.ResourceActions, 0, len(resourceActionSets))
|
||||||
for resource, actionSet := range resourceActionSets {
|
for resource, actionSet := range resourceActionSets {
|
||||||
actions := make([]string, 0, len(actionSet))
|
actions := make([]string, 0, len(actionSet))
|
||||||
for action := range actionSet {
|
for action := range actionSet {
|
||||||
actions = append(actions, action)
|
actions = append(actions, action)
|
||||||
}
|
}
|
||||||
|
|
||||||
accessEntries = append(accessEntries, token.ResourceActions{
|
accessEntries = append(accessEntries, &token.ResourceActions{
|
||||||
Type: resource.Type,
|
Type: resource.Type,
|
||||||
Name: resource.Name,
|
Name: resource.Name,
|
||||||
Actions: actions,
|
Actions: actions,
|
||||||
|
@ -109,15 +109,20 @@ func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAcc
|
||||||
panic(fmt.Errorf("unsupported signing key type %q", issuer.SigningKey.KeyType()))
|
panic(fmt.Errorf("unsupported signing key type %q", issuer.SigningKey.KeyType()))
|
||||||
}
|
}
|
||||||
|
|
||||||
joseHeader := map[string]interface{}{
|
joseHeader := token.Header{
|
||||||
"typ": "JWT",
|
Type: "JWT",
|
||||||
"alg": alg,
|
SigningAlg: alg,
|
||||||
}
|
}
|
||||||
|
|
||||||
if x5c := issuer.SigningKey.GetExtendedField("x5c"); x5c != nil {
|
if x5c := issuer.SigningKey.GetExtendedField("x5c"); x5c != nil {
|
||||||
joseHeader["x5c"] = x5c
|
joseHeader.X5c = x5c.([]string)
|
||||||
} else {
|
} else {
|
||||||
joseHeader["jwk"] = issuer.SigningKey.PublicKey()
|
var jwkMessage json.RawMessage
|
||||||
|
jwkMessage, err = issuer.SigningKey.PublicKey().MarshalJSON()
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
joseHeader.RawJWK = &jwkMessage
|
||||||
}
|
}
|
||||||
|
|
||||||
exp := issuer.Expiration
|
exp := issuer.Expiration
|
||||||
|
@ -125,16 +130,16 @@ func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAcc
|
||||||
exp = 5 * time.Minute
|
exp = 5 * time.Minute
|
||||||
}
|
}
|
||||||
|
|
||||||
claimSet := map[string]interface{}{
|
claimSet := token.ClaimSet{
|
||||||
"iss": issuer.Issuer,
|
Issuer: issuer.Issuer,
|
||||||
"sub": subject,
|
Subject: subject,
|
||||||
"aud": audience,
|
Audience: audience,
|
||||||
"exp": now.Add(exp).Unix(),
|
Expiration: now.Add(exp).Unix(),
|
||||||
"nbf": now.Unix(),
|
NotBefore: now.Unix(),
|
||||||
"iat": now.Unix(),
|
IssuedAt: now.Unix(),
|
||||||
"jti": randomID,
|
JWTID: randomID,
|
||||||
|
|
||||||
"access": accessEntries,
|
Access: accessEntries,
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|