feat(idtoken): add ParsePayload returning unvalidated token payload #2136

Merged
merged 8 commits into from
Sep 14, 2023
30 changes: 29 additions & 1 deletion idtoken/validate.go
Expand Up @@ -122,6 +122,34 @@ func Validate(ctx context.Context, idToken string, audience string) (*Payload, e
return defaultValidator.validate(ctx, idToken, audience)
}

// GetPayload just gets the payload part of the token.
//
// WARNING: THIS FUNCTION DOES NOT VALIDATE THE TOKEN.
//
// In fact, it explicitly skips the validation part. It should only be used to inspect the payload
// content of a token, perhaps for debugging purposes, as a means to try to figure out why the
// validation failed. Note that if Validate() succeeds, it already returns the exact payload that
// this function returns.
func (v *Validator) GetPayload(ctx context.Context, idToken string) (*Payload, error) {
jwt, err := parseJWT(idToken)
if err != nil {
return nil, err
}
return jwt.parsedPayload()
}

// GetPayload just gets the payload part of the token.
//
// WARNING: THIS FUNCTION DOES NOT VALIDATE THE TOKEN.
//
// In fact, it explicitly skips the validation part. It should only be used to inspect the payload
// content of a token, perhaps for debugging purposes, as a means to try to figure out why the
// validation failed. Note that if Validate() succeeds, it already returns the exact payload that
// this function returns.
func GetPayload(ctx context.Context, idToken string) (*Payload, error) {
return defaultValidator.GetPayload(ctx, idToken)
}

func (v *Validator) validate(ctx context.Context, idToken string, audience string) (*Payload, error) {
jwt, err := parseJWT(idToken)
if err != nil {
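Review bot: GetPayload hands back unverified claims in the same *Payload type that Validate returns, and only the doc comment says so; at a call site such as `p, err := idtoken.GetPayload(ctx, tok)` nothing distinguishes the result from a validated one. A name that carries the fact would help (the PR title already uses ParsePayload), so that a grep or code review can spot uses outside of debugging. Separately, in the method body neither `ctx` nor the receiver `v` is used (`parseJWT(idToken)` and `jwt.parsedPayload()` take neither), so the signature could drop `ctx` and the Validator method could be removed in favour of the package-level function, which also removes the duplicated doc comment.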
Expand All @@ -145,7 +173,7 @@ func (v *Validator) validate(ctx context.Context, idToken string, audience strin
}

if now().Unix() > payload.Expires {
return nil, fmt.Errorf("idtoken: token expired")
return nil, fmt.Errorf("idtoken: token expired: now=%v, expires=%v", now().Unix(), payload.Expires)
}

switch header.Algorithm {
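Review bot: now() is called twice here, once in `now().Unix() > payload.Expires` and again when formatting the error, so the `now=` value in the message can differ from the one that actually failed the comparison. Capture it once before the `if` and use that variable in both places. Also worth noting that this check sits before `switch header.Algorithm`, so `expires=` is taken from a payload that has not yet reached that step; it is an integer, so formatting it is safe, but callers that relay this error string to a client will echo a token-supplied value.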