JWT: Enable reading a JSON Web Key Set from a file (#180)
* Add ForwardingSignatureValidator

  ForwardingSignatureValidator holds a pointer to some other SignatureValidator and will forward ValidateSignature requests to this validator. The validator it references can be changed by calling Replace().

* Make JWKS a oneof with either inline or file content

  This changes the jwt.proto definition to take either an inline JWKS struct, or a message containing a file path and a refresh interval. The intention is that when a file path and refresh interval is provided, we create a ForwardingSignatureValidator, and periodically update its internal SignatureValidator with content from the referenced file. When passing inline content, behavior should remain unchanged.

* Load JWKS from a file

  When loading the JWT configuration, check if the config provides inline JWKS content, or a reference to a file. If we get a reference to a file, we set up a goroutine to periodically fetch the file and update a ForwardingSignatureValidator.
@@ -0,0 +1,33 @@ | ||
package jwt | ||
|
||
import ( | ||
"sync/atomic" | ||
) | ||
|
||
// ForwardingSignatureValidator wraps another SignatureValidator. It is | ||
// used when the underlying SignatureValidator needs to be replaced at | ||
// runtime. | ||
type ForwardingSignatureValidator struct { | ||
validator atomic.Pointer[SignatureValidator] | ||
} | ||
|
||
// NewForwardingSignatureValidator creates a SignatureValidator that simply forwards | ||
// requests to another SignatureValidator. | ||
// This returns a pointer to the new ForwardingSignatureValidator, so as not to | ||
// copy the atomic.Pointer. | ||
func NewForwardingSignatureValidator(validator SignatureValidator) *ForwardingSignatureValidator { | ||
sv := ForwardingSignatureValidator{} | ||
sv.validator.Store(&validator) | ||
|
||
return &sv | ||
} | ||
|
||
// Replace replaces the registered SignatureValidator | ||
func (sv *ForwardingSignatureValidator) Replace(validator SignatureValidator) { | ||
sv.validator.Store(&validator) | ||
} | ||
|
||
// ValidateSignature validates a signature using the registered SignatureValidator | ||
func (sv *ForwardingSignatureValidator) ValidateSignature(algorithm string, keyID *string, headerAndPayload string, signature []byte) bool { | ||
return (*sv.validator.Load()).ValidateSignature(algorithm, keyID, headerAndPayload, signature) | ||
} |
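Review bot: `NewForwardingSignatureValidator` and `Replace` accept a nil `SignatureValidator` without complaint, and `ValidateSignature` would then panic on the method call through the nil interface returned by `(*sv.validator.Load())`. Since the commit message says the key set is periodically re-read from a file, a failed read or parse on one refresh must never reach `Replace(nil)`; consider rejecting nil in both constructors (or documenting that callers must only pass a fully parsed validator and keep the previous one on error), and extend the `Replace` doc comment to state that the swap is atomic but in-flight validations may still complete against the old key set. Minor style: the `Replace` and `ValidateSignature` comments lack a trailing period, and a `var _ SignatureValidator = (*ForwardingSignatureValidator)(nil)` assertion would make the interface conformance explicit.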