package providersmgr
import (
	"context"
	"fmt"
	"log/slog"

	"github.com/golang-jwt/jwt/v5"

	"go.openfort.xyz/shield/internal/core/domain/provider"
	"go.openfort.xyz/shield/internal/core/ports/providers"
	"go.openfort.xyz/shield/pkg/logger"
)
// custom is an IdentityProvider that verifies caller-supplied JWTs with
// tenant-provided key material: a PEM-encoded public key (plus its key type)
// or the JWK material held in CustomConfig, whichever is configured.
type custom struct {
	// config carries the provider ID and the PEM/JWK verification material.
	config *provider.CustomConfig
	// logger is the structured logger scoped to this provider.
	logger *slog.Logger
}

// Compile-time assertion that *custom implements providers.IdentityProvider.
var _ providers.IdentityProvider = (*custom)(nil)
// newCustomProvider wraps providerConfig in a custom IdentityProvider and
// attaches a logger named "custom_provider".
func newCustomProvider(providerConfig *provider.CustomConfig) providers.IdentityProvider {
	p := new(custom)
	p.config = providerConfig
	p.logger = logger.New("custom_provider")
	return p
}
// GetProviderID returns the provider identifier recorded in the configuration.
func (c *custom) GetProviderID() string {
	id := c.config.ProviderID
	return id
}
// Identify verifies token with the configured key material and returns the
// external user ID it carries. The PEM path is preferred when both a PEM key
// and a known key type are set; otherwise the JWK path is used. The variadic
// options are accepted for interface compatibility and ignored.
//
// Returns ErrProviderMisconfigured when neither verification path is
// configured, or the verification error otherwise. Only verification failures
// are logged; the misconfiguration case is returned without a log line.
func (c *custom) Identify(ctx context.Context, token string, _ ...providers.CustomOption) (string, error) {
	c.logger.InfoContext(ctx, "identifying user")

	var (
		subject string
		verr    error
	)
	if c.config.PEM != "" && c.config.KeyType != provider.KeyTypeUnknown {
		subject, verr = c.validatePEM(token)
	} else if c.config.JWK != "" {
		subject, verr = validateJWKs(token, c.config.JWK)
	} else {
		return "", ErrProviderMisconfigured
	}

	if verr != nil {
		c.logger.ErrorContext(ctx, "failed to validate jwt", logger.Error(verr))
		return "", verr
	}
	return subject, nil
}
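// validatePEM verifies token's signature against the PEM-encoded public key in
// c.config and returns the token's "sub" claim.
//
// The set of accepted signing algorithms is pinned to the family of the
// configured key type (RSA/PSS for RSA keys, ES* for ECDSA keys, EdDSA for
// Ed25519 keys) so a token is only ever verified under an algorithm that
// matches the key it is configured for. Claims are read with checked type
// assertions: a token whose "sub" claim is absent or not a non-empty string
// yields an error instead of a panic on attacker-controlled input.
//
// Returns ErrCertTypeNotSupported when c.config.KeyType is not a supported
// type, the PEM-parsing or verification error from the jwt package, or an
// error wrapping jwt.ErrTokenInvalidClaims when the claims are malformed.
func (c *custom) validatePEM(token string) (string, error) {
	var (
		keyFunc jwt.Keyfunc
		algs    []string
	)
	keyPEM := []byte(c.config.PEM)

	switch c.config.KeyType {
	case provider.KeyTypeRSA:
		keyFunc = func(*jwt.Token) (any, error) {
			return jwt.ParseRSAPublicKeyFromPEM(keyPEM)
		}
		algs = []string{
			jwt.SigningMethodRS256.Alg(), jwt.SigningMethodRS384.Alg(), jwt.SigningMethodRS512.Alg(),
			jwt.SigningMethodPS256.Alg(), jwt.SigningMethodPS384.Alg(), jwt.SigningMethodPS512.Alg(),
		}
	case provider.KeyTypeECDSA:
		keyFunc = func(*jwt.Token) (any, error) {
			return jwt.ParseECPublicKeyFromPEM(keyPEM)
		}
		algs = []string{
			jwt.SigningMethodES256.Alg(), jwt.SigningMethodES384.Alg(), jwt.SigningMethodES512.Alg(),
		}
	case provider.KeyTypeEd25519:
		keyFunc = func(*jwt.Token) (any, error) {
			return jwt.ParseEdPublicKeyFromPEM(keyPEM)
		}
		algs = []string{jwt.SigningMethodEdDSA.Alg()}
	default:
		return "", ErrCertTypeNotSupported
	}

	// WithValidMethods rejects tokens whose "alg" header is outside the
	// configured key's family before the key function is consulted.
	parsed, err := jwt.Parse(token, keyFunc, jwt.WithValidMethods(algs))
	if err != nil {
		return "", err
	}

	// jwt.Parse yields MapClaims by default; guard the assertion anyway so a
	// future change of claims type cannot turn into a runtime panic.
	claims, ok := parsed.Claims.(jwt.MapClaims)
	if !ok {
		return "", fmt.Errorf("%w: unexpected claims type %T", jwt.ErrTokenInvalidClaims, parsed.Claims)
	}
	sub, ok := claims["sub"].(string)
	if !ok || sub == "" {
		return "", fmt.Errorf("%w: missing or non-string sub", jwt.ErrTokenInvalidClaims)
	}
	return sub, nil
}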