change token claims behaviour

MadAppGang · Aug 17, 2024 · 8ccd92a · 8ccd92a
1 parent d0f23c4
commit 8ccd92a
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 16 deletions.
diff --git a/jwt/service/jwt_token_service.go b/jwt/service/jwt_token_service.go
@@ -232,7 +232,7 @@ func (ts *JWTokenService) NewAccessToken(u model.User, scopes []string, app mode
 		lifespan = TokenLifespan
 	}
 
-	claims := model.Claims{
+	claims := &model.Claims{
 		Scopes:  strings.Join(scopes, " "),
 		Payload: payload,
 		Type:    tokenType,
@@ -282,7 +282,7 @@ func (ts *JWTokenService) NewRefreshToken(u model.User, scopes []string, app mod
 		lifespan = RefreshTokenLifespan
 	}
 
-	claims := model.Claims{
+	claims := &model.Claims{
 		Scopes:  strings.Join(scopes, " "),
 		Payload: payload,
 		Type:    model.TokenTypeRefresh,
@@ -418,7 +418,7 @@ func (ts *JWTokenService) NewResetToken(userID string) (model.Token, error) {
 
 	lifespan := ts.resetTokenLifespan
 
-	claims := model.Claims{
+	claims := &model.Claims{
 		Type: model.TokenTypeReset,
 		StandardClaims: jwt.StandardClaims{
 			ExpiresAt: (now + lifespan),
@@ -450,7 +450,7 @@ func (ts *JWTokenService) NewWebCookieToken(u model.User) (model.Token, error) {
 	now := ijwt.TimeFunc().Unix()
 	lifespan := ts.resetTokenLifespan
 
-	claims := model.Claims{
+	claims := &model.Claims{
 		Type: model.TokenTypeWebCookie,
 		StandardClaims: jwt.StandardClaims{
 			ExpiresAt: (now + lifespan),

diff --git a/model/token.go b/model/token.go
@@ -38,7 +38,7 @@ type Token interface {
 }
 
 // NewTokenWithClaims generates new JWT token with claims and keyID.
-func NewTokenWithClaims(method jwt.SigningMethod, kid string, claims jwt.Claims) *jwt.Token {
+func NewTokenWithClaims(method jwt.SigningMethod, kid string, claims *Claims) *jwt.Token {
 	return &jwt.Token{
 		Header: map[string]interface{}{
 			"typ": "JWT",

diff --git a/web/api/federated_oidc_login.go b/web/api/federated_oidc_login.go
@@ -368,7 +368,7 @@ func (ar *Router) completeOIDCAuth(
 
 	providerScope, ok := providerScopeVal.(string)
 	if !ok {
-		ar.logger.Printf("oidc returned scope is not string but %T %+v", providerScope, providerScope)
+		ar.logger.Printf("oidc returned scope is not string but %T %+v", providerScopeVal, providerScopeVal)
 	}
 
 	// Extract the ID Token from OAuth2 token.

diff --git a/web/api/federated_oidc_server_test.go b/web/api/federated_oidc_server_test.go
@@ -11,7 +11,6 @@ import (
 
 	jwt "github.com/golang-jwt/jwt/v4"
 	ijwt "github.com/madappgang/identifo/v2/jwt"
-	"github.com/madappgang/identifo/v2/model"
 	"github.com/madappgang/identifo/v2/web/api"
 )
 
@@ -65,15 +64,25 @@ func testOIDCServer() (*httptest.Server, context.CancelFunc) {
 	})
 
 	mux.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
-		idt, err := model.NewTokenWithClaims(jwt.SigningMethodES256, "kid", jwt.MapClaims{
-			"sub":    "abc",
-			"emails": []string{"some@example.com"},
-			"email":  "some@example.com",
-			"iss":    cfg.Issuer,
-			"aud":    "test",
-			"exp":    time.Now().Add(time.Hour).Unix(),
-			"iat":    time.Now().Unix(),
-		}).SignedString(privateKey)
+		token := jwt.Token{
+			Header: map[string]interface{}{
+				"typ": "JWT",
+				"alg": jwt.SigningMethodES256.Alg(),
+				"kid": "kid",
+			},
+			Claims: jwt.MapClaims{
+				"sub":    "abc",
+				"emails": []string{"some@example.com"},
+				"email":  "some@example.com",
+				"iss":    cfg.Issuer,
+				"aud":    "test",
+				"exp":    time.Now().Add(time.Hour).Unix(),
+				"iat":    time.Now().Unix(),
+			},
+			Method: jwt.SigningMethodES256,
+		}
+
+		idt, err := token.SignedString(privateKey)
 		if err != nil {
 			panic(err)
 		}