Updated: jwt-go is now v3.0.0.

glide.yaml

@@ -5,7 +5,7 @@ import:
 - package: github.com/asaskevich/govalidator
   version: ~4.0.0
 - package: github.com/dgrijalva/jwt-go
-  version: ~2.7.0
+  version: ~3.0.0
 - package: github.com/golang/mock
   subpackages:
   - gomock
@@ -38,3 +38,13 @@ testImport:
   subpackages:
   - assert
   - require
+- package: gopkg.in/gemnasium/logrus-airbrake-hook.v2
+  version: ^2.0.0
+- package: gopkg.in/airbrake/gobrake.v2
+  version: ^2.0.6
+- package: github.com/onsi/ginkgo
+  version: ^1.2.0
+- package: github.com/elazarl/goproxy
+  version: ^1.0.0
+- package: github.com/onsi/gomega
+  version: ^1.0.0

handler/oauth2/strategy_jwt.go

@@ -65,8 +65,8 @@ func (h *RS256JWTStrategy) validate(token string) error {
 		return err
 	}
 
-	claims := jwt.JWTClaimsFromMap(t.Claims)
-	if claims.IsNotYetValid() || claims.IsExpired() {
+	// validate the token
+	if err = t.Claims.Valid(); err != nil {
 		return errors.New("Token claims did not validate")
 	}
 
@@ -79,6 +79,6 @@ func (h *RS256JWTStrategy) generate(requester fosite.Requester) (string, string,
 	} else if jwtSession.GetJWTClaims() == nil {
 		return "", "", errors.New("GetTokenClaims() must not be nil")
 	} else {
-		return h.RS256JWTStrategy.Generate(jwtSession.GetJWTClaims(), jwtSession.GetJWTHeader())
+		return h.RS256JWTStrategy.Generate(jwtSession.GetJWTClaims().ToMapClaims(), jwtSession.GetJWTHeader())
 	}
 }

handler/openid/strategy_jwt.go

@@ -92,6 +92,6 @@ func (h DefaultStrategy) GenerateIDToken(_ context.Context, _ *http.Request, req
 	claims.Audience = requester.GetClient().GetID()
 	claims.IssuedAt = time.Now()
 
-	token, _, err = h.RS256JWTStrategy.Generate(claims, sess.IDTokenHeaders())
+	token, _, err = h.RS256JWTStrategy.Generate(claims.ToMapClaims(), sess.IDTokenHeaders())
 	return token, err
 }

token/jwt/claims.go

@@ -1,15 +1,15 @@
 package jwt
 
-import (
-	"time"
-)
+import "time"
 
+// Mapper is the interface used internally to map key-value pairs
 type Mapper interface {
 	ToMap() map[string]interface{}
 	Add(key string, value interface{})
 	Get(key string) interface{}
 }
 
+// ToString will return a string representation of a map
 func ToString(i interface{}) string {
 	if i == nil {
 		return ""
@@ -22,6 +22,7 @@ func ToString(i interface{}) string {
 	return ""
 }
 
+// ToTime will try to convert a given input to a time.Time structure
 func ToTime(i interface{}) time.Time {
 	if i == nil {
 		return time.Time{}
@@ -36,6 +37,7 @@ func ToTime(i interface{}) time.Time {
 	return time.Time{}
 }
 
+// Filter will filter out elemets based on keys in a given input map na key-slice
 func Filter(elements map[string]interface{}, keys ...string) map[string]interface{} {
 	var keyIdx = make(map[string]bool)
 	var result = make(map[string]interface{})
@@ -53,6 +55,7 @@ func Filter(elements map[string]interface{}, keys ...string) map[string]interfac
 	return result
 }
 
+// Copy will copy all elements in a map and return a new representational map
 func Copy(elements map[string]interface{}) (result map[string]interface{}) {
 	result = make(map[string]interface{}, len(elements))
 	for k, v := range elements {

token/jwt/claims_id_token.go

@@ -1,7 +1,12 @@
 package jwt
 
-import "time"
+import (
+	"time"
 
+	"github.com/dgrijalva/jwt-go"
+)
+
+// IDTokenClaims represent the claims used in open id connect requests
 type IDTokenClaims struct {
 	Issuer          string
 	Subject         string
@@ -15,6 +20,7 @@ type IDTokenClaims struct {
 	Extra           map[string]interface{}
 }
 
+// ToMap will transform the headers to a map structure
 func (c *IDTokenClaims) ToMap() map[string]interface{} {
 	var ret = Copy(c.Extra)
 	ret["sub"] = c.Subject
@@ -33,19 +39,27 @@ func (c *IDTokenClaims) ToMap() map[string]interface{} {
 	if !c.AuthTime.IsZero() {
 		ret["auth_time"] = c.AuthTime.Unix()
 	}
-	ret["iat"] = c.IssuedAt.Unix()
-	ret["exp"] = c.ExpiresAt.Unix()
+
+	ret["iat"] = float64(c.IssuedAt.Unix())
+	ret["exp"] = float64(c.ExpiresAt.Unix())
 	return ret
 
 }
 
+// Add will add a key-value pair to the extra field
 func (c *IDTokenClaims) Add(key string, value interface{}) {
 	if c.Extra == nil {
 		c.Extra = make(map[string]interface{})
 	}
 	c.Extra[key] = value
 }
 
+// Get will get a value from the extra field based on a given key
 func (c *IDTokenClaims) Get(key string) interface{} {
 	return c.ToMap()[key]
 }
+
+// ToMapClaims will return a jwt-go MapClaims representaion
+func (c IDTokenClaims) ToMapClaims() jwt.MapClaims {
+	return c.ToMap()
+}

token/jwt/claims_id_token_test.go

@@ -23,25 +23,21 @@ var idTokenClaims = &IDTokenClaims{
 	},
 }
 
-func TestIDTokenClaimsToMapSetsID(t *testing.T) {
-	assert.NotEmpty(t, (&JWTClaims{}).ToMap()["jti"])
-}
-
 func TestIDTokenAssert(t *testing.T) {
-	assert.False(t, (&JWTClaims{ExpiresAt: time.Now().Add(time.Hour)}).IsExpired())
-	assert.True(t, (&JWTClaims{ExpiresAt: time.Now().Add(-time.Hour)}).IsExpired())
-	assert.True(t, (&JWTClaims{NotBefore: time.Now().Add(time.Hour)}).IsNotYetValid())
-	assert.False(t, (&JWTClaims{NotBefore: time.Now().Add(-time.Hour)}).IsNotYetValid())
+	assert.Nil(t, (&IDTokenClaims{ExpiresAt: time.Now().Add(time.Hour)}).
+		ToMapClaims().Valid())
+	assert.NotNil(t, (&IDTokenClaims{ExpiresAt: time.Now().Add(-time.Hour)}).
+		ToMapClaims().Valid())
 }
 
 func TestIDTokenClaimsToMap(t *testing.T) {
 	assert.Equal(t, map[string]interface{}{
 		"sub":       idTokenClaims.Subject,
-		"iat":       idTokenClaims.IssuedAt.Unix(),
+		"iat":       float64(idTokenClaims.IssuedAt.Unix()),
 		"iss":       idTokenClaims.Issuer,
 		"aud":       idTokenClaims.Audience,
 		"nonce":     idTokenClaims.Nonce,
-		"exp":       idTokenClaims.ExpiresAt.Unix(),
+		"exp":       float64(idTokenClaims.ExpiresAt.Unix()),
 		"foo":       idTokenClaims.Extra["foo"],
 		"baz":       idTokenClaims.Extra["baz"],
 		"at_hash":   idTokenClaims.AccessTokenHash,