package server
import (
"net/http"
jwt "github.com/dgrijalva/jwt-go"
"github.com/pkg/errors"
"github.com/dpb587/ssoca/auth"
"github.com/dpb587/ssoca/auth/authn"
apierr "github.com/dpb587/ssoca/server/api/errors"
uaainternal "github.com/dpb587/ssoca/service/uaaauth/internal"
)
// SupportsRequestAuth reports whether the request carries a bearer token that
// decodes as a JWT with UAA-shaped claims. The token is only decoded, never
// verified, so a true result says nothing about whether it is valid; that is
// ParseRequestAuth's job. A missing, empty or undecodable token is reported
// as "not supported" rather than as an error, so the error result is always
// nil.
func (s Service) SupportsRequestAuth(r http.Request) (bool, error) {
	raw, err := authn.ExtractBearerTokenValue(r)
	if err != nil || raw == "" {
		return false, nil
	}

	// ParseUnverified decodes the header and claims without checking the
	// signature; that is enough to decide whether this service should try
	// to authenticate the request at all.
	var claims uaainternal.Token
	parser := &jwt.Parser{}
	if _, _, err := parser.ParseUnverified(raw, &claims); err != nil {
		return false, nil
	}

	return true, nil
}
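// ParseRequestAuth authenticates the request from its bearer token and maps
// the verified claims onto an auth.Token.
//
// It returns (nil, nil) when no bearer token is present, the error from
// authn.ExtractBearerTokenValue when the Authorization header cannot be
// read, and a 403 apierr when a token is present but does not verify
// against s.config.PublicKey (wrong algorithm family, bad signature, or
// otherwise invalid claims). On success the token's ID and username
// attribute are taken from the claims' Username and its Groups from the
// claims' Scopes.
func (s Service) ParseRequestAuth(r http.Request) (*auth.Token, error) {
	tokenValue, err := authn.ExtractBearerTokenValue(r)
	if err != nil {
		return nil, err
	} else if tokenValue == "" {
		return nil, nil
	}

	claims := uaainternal.Token{}
	_, err = jwt.ParseWithClaims(
		tokenValue,
		&claims,
		func(token *jwt.Token) (interface{}, error) {
			// Pin the algorithm family to what the configured key can
			// verify. Rejecting only "none" leaves the token's own "alg"
			// header free to pick the verification method; requiring
			// *jwt.SigningMethodRSA (RS256/RS384/RS512) refuses "none",
			// HMAC and every other family before the key is even parsed.
			if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
				return nil, apierr.NewError(errors.Errorf("unexpected signing method %v", token.Header["alg"]), http.StatusForbidden, "")
			}

			return jwt.ParseRSAPublicKeyFromPEM([]byte(s.config.PublicKey))
		},
	)
	if err != nil {
		return nil, apierr.NewError(errors.Wrap(err, "parsing claims"), http.StatusForbidden, "")
	}

	token := auth.Token{}
	token.ID = claims.Username
	token.Attributes = map[auth.TokenAttribute]*string{}
	token.Attributes[auth.TokenUsernameAttribute] = &claims.Username
	// Every UAA scope becomes a group; a nil Scopes leaves Groups nil.
	token.Groups = append(token.Groups, claims.Scopes...)

	return &token, nil
}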