// Copyright © 2023 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package jwt
import (
"time"
"github.com/google/uuid"
"authelia.com/provider/oauth2/internal/consts"
)
// IDTokenClaims represent the claims used in open id connect requests.
//
// ToMap is the serialisation path used by Get and ToMapClaims: it emits the
// time fields as Unix seconds (the NumericDate form) and fills defaults for
// jti and aud. The json tags below describe the struct's own encoding, under
// which a time.Time field is written in time.Time's default JSON form rather
// than as a NumericDate, so the two representations are not interchangeable.
type IDTokenClaims struct {
	// JTI is the token identifier; ToMap substitutes a random UUID when it is empty.
	JTI string `json:"jti"`
	// Issuer is omitted from ToMap's result when empty.
	Issuer string `json:"iss"`
	// Subject is omitted from ToMap's result when empty.
	Subject string `json:"sub"`
	// Audience is emitted by ToMap as an empty slice, never omitted, when unset.
	Audience []string `json:"aud"`
	Nonce string `json:"nonce"`
	// ExpiresAt, IssuedAt, RequestedAt and AuthTime are emitted by ToMap as
	// Unix seconds; a zero time is treated as absent and the key is dropped.
	ExpiresAt time.Time `json:"exp"`
	IssuedAt time.Time `json:"iat"`
	RequestedAt time.Time `json:"rat"`
	AuthTime time.Time `json:"auth_time"`
	AccessTokenHash string `json:"at_hash"`
	AuthenticationContextClassReference string `json:"acr"`
	AuthenticationMethodsReferences []string `json:"amr"`
	CodeHash string `json:"c_hash"`
	StateHash string `json:"s_hash"`
	// Extra holds additional claims. ToMap copies it and then assigns or
	// deletes every standard claim key in the copy, so an Extra entry cannot
	// override one of the fields above (assuming the consts.Claim* keys match
	// the json tag names — verify against the consts package).
	Extra map[string]any `json:"ext"`
}
// ToMap will transform the headers to a map structure.
//
// The result starts as a copy of Extra (via the package's Copy helper) and
// every standard claim key is then either assigned from its field or deleted,
// so entries in Extra never override a standard claim. Time fields are
// emitted as Unix seconds, the NumericDate form JWT consumers expect. Two keys
// receive defaults instead of being dropped: jti is filled with a freshly
// generated UUID when JTI is empty (a different value on every call, because
// the receiver is not updated), and aud becomes an empty slice when Audience
// is empty. Slice-valued claims share their backing array with the receiver.
// Assumes Copy returns a writable map for a nil Extra — TODO confirm.
func (c *IDTokenClaims) ToMap() map[string]any {
	claims := Copy(c.Extra)

	// setOrDelete writes value under key when present, otherwise drops key.
	setOrDelete := func(key string, present bool, value any) {
		if present {
			claims[key] = value
			return
		}
		delete(claims, key)
	}
	// setTime is setOrDelete for time fields: zero time means absent,
	// otherwise the value is the Unix timestamp in seconds.
	setTime := func(key string, t time.Time) {
		setOrDelete(key, !t.IsZero(), t.Unix())
	}

	setOrDelete(consts.ClaimSubject, c.Subject != "", c.Subject)
	setOrDelete(consts.ClaimIssuer, c.Issuer != "", c.Issuer)

	// jti and aud fall back to a default rather than being omitted.
	if c.JTI == "" {
		claims[consts.ClaimJWTID] = uuid.New().String()
	} else {
		claims[consts.ClaimJWTID] = c.JTI
	}
	if len(c.Audience) == 0 {
		claims[consts.ClaimAudience] = []string{}
	} else {
		claims[consts.ClaimAudience] = c.Audience
	}

	setTime(consts.ClaimIssuedAt, c.IssuedAt)
	setTime(consts.ClaimExpirationTime, c.ExpiresAt)
	setTime(consts.ClaimRequestedAt, c.RequestedAt)
	setOrDelete(consts.ClaimNonce, c.Nonce != "", c.Nonce)
	setOrDelete(consts.ClaimAccessTokenHash, c.AccessTokenHash != "", c.AccessTokenHash)
	setOrDelete(consts.ClaimCodeHash, c.CodeHash != "", c.CodeHash)
	setOrDelete(consts.ClaimStateHash, c.StateHash != "", c.StateHash)
	setTime(consts.ClaimAuthenticationTime, c.AuthTime)
	setOrDelete(consts.ClaimAuthenticationContextClassReference, c.AuthenticationContextClassReference != "", c.AuthenticationContextClassReference)
	setOrDelete(consts.ClaimAuthenticationMethodsReference, len(c.AuthenticationMethodsReferences) > 0, c.AuthenticationMethodsReferences)

	return claims
}
// Add will add a key-value pair to the extra field.
//
// A nil Extra map is allocated on first use. Keys are stored verbatim; when
// key is one of the standard claim names, ToMap later assigns or deletes that
// key in the copy it returns, so Add cannot be used to override a standard
// claim.
func (c *IDTokenClaims) Add(key string, value any) {
	if c.Extra != nil {
		c.Extra[key] = value
		return
	}
	c.Extra = map[string]any{key: value}
}
// Get will get a value from the extra field based on a given key.
//
// The lookup goes through ToMap, so it returns the merged view: standard
// claim keys come from the struct fields (with the jti and aud defaults
// applied) and only other keys come from Extra. A missing key yields nil.
// Because ToMap generates a new UUID for an empty JTI on every call, Get on
// that key is only stable once JTI is set.
func (c *IDTokenClaims) Get(key string) any {
	if value, found := c.ToMap()[key]; found {
		return value
	}
	return nil
}
// ToMapClaims will return a jwt-go MapClaims representation.
//
// The receiver is a value, so ToMap runs on a copy of the struct; ToMap does
// not write to its receiver, so this loses nothing. The jti default generated
// for an empty JTI is only present in the returned map, not on the caller's
// struct.
func (c IDTokenClaims) ToMapClaims() MapClaims {
	claims := c.ToMap()
	return MapClaims(claims)
}