From 0b6d1dca75c153f826a642126d500b5e50097983 Mon Sep 17 00:00:00 2001
From: Alberto Ricart
Date: Tue, 14 Jan 2020 14:07:35 -0400
Subject: [PATCH] Added a field to the user JWT that disables nonce verification when set. (#62)
* Added a field to the user JWT that disables nonce verification when set.
* moved BearerToken to be inside of the "nats" configuration
---
 account_claims_test.go | 2 +-
 activation_claims_test.go | 2 +-
 cluster_claims_test.go | 2 +-
 go.mod | 2 ++
 operator_claims_test.go | 2 +-
 server_claims_test.go | 2 +-
 user_claims.go | 7 +++++++
 user_claims_test.go | 2 +-
 8 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/account_claims_test.go b/account_claims_test.go
index bdeb1de..c9fe4a2 100644
--- a/account_claims_test.go
+++ b/account_claims_test.go
@@ -228,7 +228,7 @@ func TestAccountImports(t *testing.T) {
 func TestNewNilAccountClaim(t *testing.T) {
 v := NewAccountClaims("")
 if v != nil {
- t.Fatal(fmt.Sprintf("expected nil account claim"))
+ t.Fatal("expected nil account claim")
 }
 }
diff --git a/activation_claims_test.go b/activation_claims_test.go
index aed77df..19532b3 100644
--- a/activation_claims_test.go
+++ b/activation_claims_test.go
@@ -136,7 +136,7 @@ func TestPublicIsNotValid(t *testing.T) {
 func TestNilActivationClaim(t *testing.T) {
 v := NewActivationClaims("")
 if v != nil {
- t.Fatal(fmt.Sprintf("expected nil user claim"))
+ t.Fatal("expected nil user claim")
 }
 }
diff --git a/cluster_claims_test.go b/cluster_claims_test.go
index bc84c77..5573c8d 100644
--- a/cluster_claims_test.go
+++ b/cluster_claims_test.go
@@ -113,7 +113,7 @@ func TestClusterSubjects(t *testing.T) {
 func TestNewNilClusterClaims(t *testing.T) {
 v := NewClusterClaims("")
 if v != nil {
- t.Fatal(fmt.Sprintf("expected nil user claim"))
+ t.Fatal("expected nil user claim")
 }
 }
diff --git a/go.mod b/go.mod
index a780dde..778d12c 100644
--- a/go.mod
+++ b/go.mod
@@ -1,3 +1,5 @@
 module github.com/nats-io/jwt
 require github.com/nats-io/nkeys v0.1.3
+
+go 1.13
diff --git a/operator_claims_test.go b/operator_claims_test.go
index 750dce1..73cae23 100644
--- a/operator_claims_test.go
+++ b/operator_claims_test.go
@@ -110,7 +110,7 @@ func TestInvalidOperatorClaimIssuer(t *testing.T) {
 func TestNewNilOperatorClaims(t *testing.T) {
 v := NewOperatorClaims("")
 if v != nil {
- t.Fatal(fmt.Sprintf("expected nil user claim"))
+ t.Fatal("expected nil user claim")
 }
 }
diff --git a/server_claims_test.go b/server_claims_test.go
index b81c829..70fc3d5 100644
--- a/server_claims_test.go
+++ b/server_claims_test.go
@@ -113,7 +113,7 @@ func TestServerSubjects(t *testing.T) {
 func TestNewNilServerClaims(t *testing.T) {
 v := NewServerClaims("")
 if v != nil {
- t.Fatal(fmt.Sprintf("expected nil user claim"))
+ t.Fatal("expected nil user claim")
 }
 }
diff --git a/user_claims.go b/user_claims.go
index 0ec1da3..78fe6a9 100644
--- a/user_claims.go
+++ b/user_claims.go
@@ -25,12 +25,14 @@ import (
 type User struct {
 Permissions
 Limits
+ BearerToken bool `json:"bearer_token,omitempty"`
 }
 // Validate checks the permissions and limits in a User jwt
 func (u *User) Validate(vr *ValidationResults) {
 u.Permissions.Validate(vr)
 u.Limits.Validate(vr)
+ // When BearerToken is true server will ignore any nonce-signing verification
 }
 // UserClaims defines a user JWT
@@ -97,3 +99,8 @@ func (u *UserClaims) Payload() interface{} {
 func (u *UserClaims) String() string {
 return u.ClaimsData.String(u)
 }
+
+// IsBearerToken returns true if nonce-signing requirements should be skipped
+func (u *UserClaims) IsBearerToken() bool {
+ return u.BearerToken
+}
diff --git a/user_claims_test.go b/user_claims_test.go
index 7c8f547..c9da7fe 100644
--- a/user_claims_test.go
+++ b/user_claims_test.go
@@ -113,7 +113,7 @@ func TestUserSubjects(t *testing.T) {
 func TestNewNilUserClaim(t *testing.T) {
 v := NewUserClaims("")
 if v != nil {
- t.Fatal(fmt.Sprintf("expected nil user claim"))
+ t.Fatal("expected nil user claim")
 }
 }
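Review bot: In the first user_claims.go hunk the new `BearerToken` field carries no doc comment, and its only explanation is a comment at the end of `User.Validate`, a function that never reads the field. With the flag set the server skips the nonce signature, so the JWT alone authenticates the user and anyone who obtains the token can use it; that consequence should be stated on the field, e.g. `// BearerToken, when true, tells the server not to require a signed nonce: the JWT alone authenticates the user and must be handled as a secret.` Validate could also make the choice visible to whoever issues the token with `if u.BearerToken { vr.AddWarning("bearer token set: nonce signing is not required") }`, assuming ValidationResults keeps its warning helper; if it does not, drop that part. Whether bearer tokens are required to carry an expiry cannot be seen from this hunk and is worth confirming in UserClaims.Validate.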
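Review bot: `IsBearerToken` in the second user_claims.go hunk is added without a test; the user_claims_test.go hunk in this commit only rewrites a `t.Fatal` call. Because the flag turns off proof of possession of the user key, a round-trip test should pin that a new UserClaims reports false, that `bearer_token` is absent from the encoded claims when unset, and that a decoded token with the field set under `nats` reports true. The doc comment would also read more precisely as `// IsBearerToken reports whether the server should accept this JWT without a signed nonce.`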