session.go
package stytch
import (
"strings"
"github.com/golang-jwt/jwt/v4"
)
// SessionsGetParams carries one user identifier, serialized as the "user_id"
// JSON field.
// NOTE(review): presumably the input for listing a user's sessions; the code
// that sends it is not in this file, so confirm against the caller.
type SessionsGetParams struct {
	UserID string `json:"user_id"`
}
// SessionsGetResponse holds a request identifier and a list of Session values.
// Both fields are tagged omitempty, so an empty request ID or an empty session
// list is left out when this struct is encoded.
type SessionsGetResponse struct {
	RequestID string    `json:"request_id,omitempty"`
	Sessions  []Session `json:"sessions,omitempty"` // Session is declared elsewhere in the package.
}
// SessionsGetJWKSParams carries the project identifier, serialized as the
// "project_id" JSON field.
// NOTE(review): presumably selects whose JSON Web Key Set is fetched; confirm
// against the caller, which is not in this file.
type SessionsGetJWKSParams struct {
	ProjectID string `json:"project_id"`
}
// SessionsGetJWKSResponse holds a request identifier and a list of Key values.
// NOTE(review): these keys are presumably what session JWT signatures are
// verified against, so the response should only be taken from the trusted API
// endpoint; the fetching code is not in this file.
type SessionsGetJWKSResponse struct {
	RequestID string `json:"request_id,omitempty"`
	Keys      []Key  `json:"keys,omitempty"`
}
// Key is one entry of a key set, using JSON Web Key member names for its JSON
// tags.
// NOTE(review): RFC 7517 names the SHA-256 certificate thumbprint member
// "x5t#S256", while the tag here is "x5tS256"; confirm the tag matches what
// the API actually returns, otherwise the field stays empty after decoding.
// NOTE(review): Alg is whatever the key set declares. Code that verifies
// tokens with these keys should restrict the accepted algorithms itself; that
// code is not in this file.
type Key struct {
	Typ     string   `json:"kty"`     // key type
	Use     string   `json:"use"`     // intended use of the key
	KeyOps  []string `json:"key_ops"` // permitted key operations
	Alg     string   `json:"alg"`     // algorithm the key is meant for
	KeyID   string   `json:"kid"`     // key identifier
	X5C     []string `json:"x5c"`     // certificate chain
	X5TS256 string   `json:"x5tS256"` // certificate thumbprint; see the tag note above
	N       string   `json:"n"`       // presumably the RSA modulus, base64url-encoded; confirm
	E       string   `json:"e"`       // presumably the RSA public exponent, base64url-encoded; confirm
}
// SessionsAuthenticateParams is the input for authenticating a session. Every
// field is tagged omitempty, so zero values are left out of the encoded JSON.
// NOTE(review): SessionToken and SessionJWT are presumably bearer credentials;
// avoid logging or otherwise persisting values of this struct as-is.
type SessionsAuthenticateParams struct {
	SessionToken           string                 `json:"session_token,omitempty"`
	SessionDurationMinutes int32                  `json:"session_duration_minutes,omitempty"` // 0 is omitted when encoding
	SessionJWT             string                 `json:"session_jwt,omitempty"`
	SessionCustomClaims    map[string]interface{} `json:"session_custom_claims,omitempty"` // arbitrary JSON-encodable values
}
// SessionsAuthenticateResponse holds the result of authenticating a session:
// the session, its token and JWT, and the user.
// NOTE(review): SessionToken and SessionJWT are presumably bearer credentials;
// avoid logging or otherwise persisting values of this struct as-is.
type SessionsAuthenticateResponse struct {
	RequestID string `json:"request_id,omitempty"`
	// omitempty has no effect on struct-typed fields in encoding/json, so
	// Session and User are always written when this value is marshalled.
	Session      Session `json:"session,omitempty"`
	SessionToken string  `json:"session_token,omitempty"`
	SessionJWT   string  `json:"session_jwt,omitempty"`
	User         User    `json:"user,omitempty"`
}
// SessionsRevokeParams identifies a session to revoke, by ID or by token. Both
// fields are tagged omitempty, so an unset one is left out of the encoded JSON.
// NOTE(review): nothing here enforces that at least one of the two is set;
// presumably the API rejects an empty request, so confirm.
type SessionsRevokeParams struct {
	SessionID    string `json:"session_id,omitempty"`
	SessionToken string `json:"session_token,omitempty"`
}
// SessionsRevokeResponse holds only the request identifier of a revoke call.
type SessionsRevokeResponse struct {
	RequestID string `json:"request_id,omitempty"`
}
// SessionClaim is the session description that Claims decodes from the
// "https://stytch.com/session" claim of a session JWT.
// The three timestamps are kept as strings and are not parsed in this file.
// NOTE(review): their format is not visible here; presumably RFC 3339, so
// confirm before comparing them.
type SessionClaim struct {
	ID                    string                 `json:"id"`
	StartedAt             string                 `json:"started_at"`
	LastAccessedAt        string                 `json:"last_accessed_at"`
	ExpiresAt             string                 `json:"expires_at"`
	Attributes            Attributes             `json:"attributes"`             // Attributes is declared elsewhere in the package.
	AuthenticationFactors []AuthenticationFactor `json:"authentication_factors"` // AuthenticationFactor is declared elsewhere in the package.
}
// Claims is the claim set of a session JWT: the session description stored
// under the "https://stytch.com/session" key, plus the registered claims from
// the embedded jwt.RegisteredClaims.
// The issuer and audience checks specific to this package are done by IsValid.
type Claims struct {
	StytchSession SessionClaim `json:"https://stytch.com/session"`
	jwt.RegisteredClaims
}
// IsValid checks the issuer and audience claims against projectID. It returns
// nil when both match and a *jwt.ValidationError otherwise.
//
// Only those two claims are examined: this method does not look at the token
// signature or at the time-based claims.
// NOTE(review): presumably the JWT parser verifies those before this method is
// called; confirm at the call site.
//
// When both checks fail, Errors carries both flags while Inner holds only the
// audience error, because it is assigned last.
//
// Validation options in GoJWT are currently unexported. Once they're exported, we
// can define this as a Valid() function, see
// https://github.com/golang-jwt/jwt/blob/1096e506e671d6d6fe134cc997bbd475937392c8/validator_option.go#L9-L11 //nolint:lll
func (c Claims) IsValid(projectID string) error {
	failure := &jwt.ValidationError{}

	issuerOK := c.verifyIssuer(projectID)
	if !issuerOK {
		failure.Inner = jwt.ErrTokenInvalidIssuer
		failure.Errors |= jwt.ValidationErrorIssuer
	}

	audienceOK := c.verifyAudience(projectID)
	if !audienceOK {
		failure.Inner = jwt.ErrTokenInvalidAudience
		failure.Errors |= jwt.ValidationErrorAudience
	}

	// Return a literal nil on success so the caller never sees a non-nil
	// error interface wrapping an empty ValidationError.
	if failure.Errors != 0 {
		return failure
	}
	return nil
}
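// verifyIssuer reports whether the token's issuer names the expected project.
//
// The issuer must consist of exactly two "/"-separated parts,
// "<prefix>/<project>", and the second part must equal cmp. An empty cmp or an
// empty prefix never matches, so a missing project ID in configuration fails
// closed instead of accepting an issuer that merely ends in "/".
//
// NOTE(review): the prefix is not compared against an expected issuing domain;
// any non-empty prefix is accepted. Confirm that the token signature is
// verified against the project's own key set before relying on this check.
func (c *Claims) verifyIssuer(cmp string) bool {
	if cmp == "" {
		return false
	}
	parts := strings.Split(c.RegisteredClaims.Issuer, "/")
	return len(parts) == 2 && parts[0] != "" && parts[1] == cmp
}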
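// verifyAudience reports whether the token is addressed to exactly one
// audience and that audience equals cmp.
//
// A token with no audience, or with more than one, is rejected. An empty cmp
// never matches, so a missing project ID in configuration fails closed instead
// of accepting a token whose single audience is the empty string.
func (c *Claims) verifyAudience(cmp string) bool {
	if cmp == "" {
		return false
	}
	aud := c.RegisteredClaims.Audience
	return len(aud) == 1 && aud[0] == cmp
}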