diff --git a/jwt/service/jwt_token_service.go b/jwt/service/jwt_token_service.go
index c073b438..e36736c2 100644
--- a/jwt/service/jwt_token_service.go
+++ b/jwt/service/jwt_token_service.go
@@ -232,7 +232,7 @@ func (ts *JWTokenService) NewAccessToken(u model.User, scopes []string, app mode
 lifespan = TokenLifespan
 }
- claims := model.Claims{
+ claims := &model.Claims{
 Scopes: strings.Join(scopes, " "),
 Payload: payload,
 Type: tokenType,
@@ -282,7 +282,7 @@ func (ts *JWTokenService) NewRefreshToken(u model.User, scopes []string, app mod
 lifespan = RefreshTokenLifespan
 }
- claims := model.Claims{
+ claims := &model.Claims{
 Scopes: strings.Join(scopes, " "),
 Payload: payload,
 Type: model.TokenTypeRefresh,
@@ -418,7 +418,7 @@ func (ts *JWTokenService) NewResetToken(userID string) (model.Token, error) {
 lifespan := ts.resetTokenLifespan
- claims := model.Claims{
+ claims := &model.Claims{
 Type: model.TokenTypeReset,
 StandardClaims: jwt.StandardClaims{
 ExpiresAt: (now + lifespan),
@@ -450,7 +450,7 @@ func (ts *JWTokenService) NewWebCookieToken(u model.User) (model.Token, error) {
 now := ijwt.TimeFunc().Unix()
 lifespan := ts.resetTokenLifespan
- claims := model.Claims{
+ claims := &model.Claims{
 Type: model.TokenTypeWebCookie,
 StandardClaims: jwt.StandardClaims{
 ExpiresAt: (now + lifespan),
diff --git a/model/token.go b/model/token.go
index b36eb981..1b12572d 100644
--- a/model/token.go
+++ b/model/token.go
@@ -38,7 +38,7 @@ type Token interface {
 }
 // NewTokenWithClaims generates new JWT token with claims and keyID.
-func NewTokenWithClaims(method jwt.SigningMethod, kid string, claims jwt.Claims) *jwt.Token {
+func NewTokenWithClaims(method jwt.SigningMethod, kid string, claims *Claims) *jwt.Token {
 return &jwt.Token{
 Header: map[string]interface{}{
 "typ": "JWT",
diff --git a/web/api/federated_oidc_login.go b/web/api/federated_oidc_login.go
index e07cc96a..60aef165 100644
--- a/web/api/federated_oidc_login.go
+++ b/web/api/federated_oidc_login.go
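Review bot: In NewWebCookieToken (jwt/service/jwt_token_service.go, hunk at -450) the unchanged line `lifespan := ts.resetTokenLifespan` takes the web-cookie token's expiry from the reset-token lifespan. Changing the password-reset window would therefore also change how long cookie tokens stay valid. If the coupling is intended, a comment above the assignment would record it, for example `// web-cookie tokens deliberately share the reset-token lifespan`; if it is not, the cookie lifetime needs its own setting. The function body continues outside the hunk, so any later adjustment of the expiry is not visible here.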
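Review bot: NewTokenWithClaims in model/token.go now accepts `claims *Claims`, but the visible lines neither reject a nil pointer nor document that one is not allowed. The struct literal continues outside the hunk; if `claims` is stored in the token's `Claims` field, a nil `*Claims` becomes a non-nil interface wrapping a nil pointer, and the token could be signed without any claims. The doc comment should state the contract, for example `// claims must be non-nil; only *Claims is accepted.`. Narrowing the parameter from `jwt.Claims` also breaks external callers of this exported function, which is worth noting in the same comment.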
@@ -368,7 +368,7 @@ func (ar *Router) completeOIDCAuth(
 providerScope, ok := providerScopeVal.(string)
 if !ok {
- ar.logger.Printf("oidc returned scope is not string but %T %+v", providerScope, providerScope)
+ ar.logger.Printf("oidc returned scope is not string but %T %+v", providerScopeVal, providerScopeVal)
 }
 // Extract the ID Token from OAuth2 token.
diff --git a/web/api/federated_oidc_server_test.go b/web/api/federated_oidc_server_test.go
index 6ce56b64..dfd900db 100644
--- a/web/api/federated_oidc_server_test.go
+++ b/web/api/federated_oidc_server_test.go
@@ -11,7 +11,6 @@ import (
 jwt "github.com/golang-jwt/jwt/v4"
 ijwt "github.com/madappgang/identifo/v2/jwt"
- "github.com/madappgang/identifo/v2/model"
 "github.com/madappgang/identifo/v2/web/api"
 )
@@ -65,15 +64,25 @@ func testOIDCServer() (*httptest.Server, context.CancelFunc) {
 })
 mux.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
- idt, err := model.NewTokenWithClaims(jwt.SigningMethodES256, "kid", jwt.MapClaims{
- "sub": "abc",
- "emails": []string{"some@example.com"},
- "email": "some@example.com",
- "iss": cfg.Issuer,
- "aud": "test",
- "exp": time.Now().Add(time.Hour).Unix(),
- "iat": time.Now().Unix(),
- }).SignedString(privateKey)
+ token := jwt.Token{
+ Header: map[string]interface{}{
+ "typ": "JWT",
+ "alg": jwt.SigningMethodES256.Alg(),
+ "kid": "kid",
+ },
+ Claims: jwt.MapClaims{
+ "sub": "abc",
+ "emails": []string{"some@example.com"},
+ "email": "some@example.com",
+ "iss": cfg.Issuer,
+ "aud": "test",
+ "exp": time.Now().Add(time.Hour).Unix(),
+ "iat": time.Now().Unix(),
+ },
+ Method: jwt.SigningMethodES256,
+ }
+
+ idt, err := token.SignedString(privateKey)
 if err != nil {
 panic(err)
 }
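Review bot: In completeOIDCAuth (web/api/federated_oidc_login.go) the `if !ok` branch only logs and then falls through, so a non-string scope leaves `providerScope` as the empty string for the code that follows. That code lies outside the hunk, so whether an empty scope is safe there cannot be judged from here. If it is acceptable, a comment in the branch would make that explicit, for example `// non-string scope is not fatal; continue with an empty scope`; otherwise the branch should return an error. Separately, the logged value comes from the provider's response and `%+v` writes it to the log verbatim, so it is worth confirming the logger tolerates arbitrary content on that line.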
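Review bot: The `/token` handler in testOIDCServer (web/api/federated_oidc_server_test.go) now writes the `typ` and `alg` header entries by hand next to a separate `Method` field, so the advertised algorithm and the signing method can drift apart if only one is edited later. The library constructor derives both from a single argument: `token := jwt.NewWithClaims(jwt.SigningMethodES256, claims)` followed by `token.Header["kid"] = "kid"`, with `claims` holding the existing `jwt.MapClaims` literal. This is a test helper, so the concern is fixture accuracy rather than production behaviour.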