-
Notifications
You must be signed in to change notification settings - Fork 13
/
clientsecretjwtauthenticator.go
57 lines (48 loc) · 1.35 KB
/
clientsecretjwtauthenticator.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
package oauth
import (
"net/url"
"time"
"github.com/golang-jwt/jwt"
"github.com/google/uuid"
)
type clientSecretJwtAuthenticator struct {
clientID string
clientSecret string
scope string
issuer string
aud string
signingMethod string
}
// prepareInitialToken prepares a token for an access request
func (p *clientSecretJwtAuthenticator) prepareInitialToken() (string, error) {
now := time.Now()
token := jwt.NewWithClaims(getSigningMethod(p.signingMethod, jwt.SigningMethodHS256), jwt.StandardClaims{
Issuer: p.issuer,
Subject: p.clientID,
Audience: p.aud,
ExpiresAt: now.Add(60*time.Second).UnixNano() / 1e9,
IssuedAt: now.UnixNano() / 1e9,
Id: uuid.New().String(),
})
requestToken, err := token.SignedString([]byte(p.clientSecret))
if err != nil {
return "", err
}
return requestToken, nil
}
func (p *clientSecretJwtAuthenticator) prepareRequest() (url.Values, map[string]string, error) {
requestToken, err := p.prepareInitialToken()
if err != nil {
return nil, nil, err
}
v := url.Values{
metaGrantType: []string{GrantTypeClientCredentials},
metaClientID: []string{p.clientID},
metaClientAssertionType: []string{assertionTypeJWT},
metaClientAssertion: []string{requestToken},
}
if p.scope != "" {
v.Add(metaScope, p.scope)
}
return v, nil, nil
}