Changed default expiration for token

This commit is contained in:
David J. Allen 2024-04-17 17:23:36 -06:00
parent 13a35081d7
commit af79cfe254
No known key found for this signature in database
GPG key ID: 717C593FF60A2ACC


@ -60,7 +60,7 @@ func NewJwtBearerFlow(eps JwtBearerFlowEndpoints, params JwtBearerFlowParams) (s
} }
} }
// 2. Check if we are already registered as a trusted issuer with authorization server... // TODO: 2. Check if we are already registered as a trusted issuer with authorization server...
// 3.a if not, create a new JWKS (or just JWK) to be verified // 3.a if not, create a new JWKS (or just JWK) to be verified
var ( var (
@ -77,7 +77,7 @@ func NewJwtBearerFlow(eps JwtBearerFlowEndpoints, params JwtBearerFlowParams) (s
if err != nil { if err != nil {
return "", fmt.Errorf("failed to generate new RSA key: %v", err) return "", fmt.Errorf("failed to generate new RSA key: %v", err)
} }
privateJwk, publicJwk, err = cryptox.GenerateJwkKeyPairFromPrivateKey(privateKey) privateJwk, publicJwk, err = GenerateJwkKeyPairFromPrivateKey(privateKey) // FIXME: needs to pull correct version from cryptox
if err != nil { if err != nil {
return "", fmt.Errorf("failed to generate JWK pair from private key: %v", err) return "", fmt.Errorf("failed to generate JWK pair from private key: %v", err)
} }
@ -130,12 +130,13 @@ func NewJwtBearerFlow(eps JwtBearerFlowEndpoints, params JwtBearerFlowParams) (s
if err != nil { if err != nil {
return "", fmt.Errorf("failed to parse ID token: %v", err) return "", fmt.Errorf("failed to parse ID token: %v", err)
} }
payload := parsedIdToken.PrivateClaims() payload := parsedIdToken.PrivateClaims()
payload["iss"] = trustedIssuer.Issuer payload["iss"] = trustedIssuer.Issuer
payload["aud"] = []string{eps.Token} payload["aud"] = []string{eps.Token}
payload["iat"] = time.Now().Unix() payload["iat"] = time.Now().Unix()
payload["nbf"] = time.Now().Unix() payload["nbf"] = time.Now().Unix()
payload["exp"] = time.Now().Add(time.Second * 3600).Unix() payload["exp"] = time.Now().Add(time.Second * 3600 * 16).Unix()
payload["sub"] = "opaal" payload["sub"] = "opaal"
// include the offline_access scope if refresh tokens are enabled // include the offline_access scope if refresh tokens are enabled
@ -339,3 +340,15 @@ func ForwardToken(eps JwtBearerFlowEndpoints, params JwtBearerFlowParams) error
} }
return nil return nil
} }
func GenerateJwkKeyPairFromPrivateKey(privateKey *rsa.PrivateKey) (jwk.Key, jwk.Key, error) {
privateJwk, err := jwk.FromRaw(privateKey)
if err != nil {
return nil, nil, fmt.Errorf("failed to create private JWK: %v", err)
}
publicJwk, err := jwk.PublicKeyOf(privateJwk)
if err != nil {
return nil, nil, fmt.Errorf("failed to create public JWK: %v", err)
}
return privateJwk, publicJwk, nil
}
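Review bot: The new `exp` value at line 35 of the `@@ -130,12 +130,13 @@` hunk makes the self-signed assertion (audience `eps.Token`, so apparently the JWT bearer grant presented to the token endpoint) a 16-hour bearer credential, and nothing in the hunk binds it to a single use, so a captured assertion stays replayable for that whole window. Such an assertion only needs to outlive the one token request it authorises; keep the lifetime short and add a unique `jti` claim (a random value from `crypto/rand`) so the authorization server can reject a repeated assertion, and give the `3600 * 16` literal a named constant or a field on `JwtBearerFlowParams` that says what it is. The three separate `time.Now()` calls for `iat`, `nbf` and `exp` should also collapse to a single `now := time.Now()` so the claims agree on one instant, e.g. `payload["iat"] = now.Unix()` and `payload["exp"] = now.Add(assertionLifetime).Unix()`. The `GenerateJwkKeyPairFromPrivateKey` copy added in the last hunk is exported without a doc comment and wraps with `%v`, which hides the cause from `errors.Is`/`errors.As`; use `%w` and add `// GenerateJwkKeyPairFromPrivateKey returns the private and public JWK for privateKey.` above it. `NewJwtBearerFlow` begins and ends outside the hunks shown.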