package main
import (
	"context"
	"flag"
	"fmt"
	"log"
	"net/http"
	"time"

	"github.com/MicahParks/keyfunc"
	"github.com/crossid/crossid-go/pkg/jwtmw"
	"github.com/golang-jwt/jwt/v4"
)
// main is an example of an HTTP server that protects a route with an OAuth2 JWT.
// Before the endpoint is invoked, a middleware ensures the token is valid and that the user is assigned the relevant scopes.
//
//
// run example by: go run jwtmw_jwk/main.go --jwks-endpoint https://<tenant>.crossid.io/oauth2/.well-known/jwks.json
// to get a token, see examples/login folder
// once you have a token run:
// curl -i http://0.0.0.0:3000 -H "Authorization: Bearer <TOKEN>"
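func main() {
	jwksURLPtr := flag.String("jwks-endpoint", "https://demo.crossid.io/oauth2/.well-known/jwks.json", "Well known JWKs endpoint")
	flag.Parse()

	opts := keyfunc.Options{
		// A failed key refresh is reported but not fatal; the keys fetched so far stay in use.
		RefreshErrorHandler: func(err error) {
			log.Printf("There was an error with the jwt.KeyFunc\nError:%s\n", err.Error())
		},
	}

	// Create the JWKs from the resource at the given URL.
	// Startup cannot proceed without verification keys, so this failure is fatal.
	jwks, err := keyfunc.Get(*jwksURLPtr, opts)
	if err != nil {
		log.Fatalf("Failed to create JWKs from resource at the given URL.\nError:%s\n", err.Error())
	}

	// Create the middleware provider.
	authmw := jwtmw.NewJWT(&jwtmw.JwtMiddlewareOpts{
		// Pin the signing method so tokens with the "none" method (or an
		// algorithm the JWKS keys are not meant for) are rejected.
		SigningMethod: jwt.SigningMethodRS256,
		// Log middleware messages and keep serving. Calling log.Fatalf here
		// (as the original did) would terminate the whole server on any logged
		// event, including one triggered by a single bad request.
		Logger: func(level jwtmw.Level, format string, args ...interface{}) {
			log.Printf("[%v] "+format, append([]interface{}{level}, args...)...)
		},
		// Resolve the verification key for the token from the fetched JWKS.
		KeyFunc: func(ctx context.Context, t *jwt.Token) (interface{}, error) {
			return jwks.KeyFunc(t)
		},
	})

	// Create a middleware that ensures token has the "openid" and "profile" scope.
	withScopes := jwtmw.WithScopes("openid", "profile")

	// Our protected handler: echoes the claims of the verified token.
	var protectedHandler = http.HandlerFunc(func(writer http.ResponseWriter, req *http.Request) {
		// tok is the verified JWT token stored in the request context by authmw.
		// The checked assertion avoids a panic if this handler is ever mounted
		// without the middleware in front of it.
		tok, ok := req.Context().Value(jwtmw.TokenCtxKey).(*jwt.Token)
		if !ok {
			http.Error(writer, "missing token", http.StatusUnauthorized)
			return
		}
		claims, ok := tok.Claims.(jwt.MapClaims)
		if !ok {
			http.Error(writer, "unexpected claims type", http.StatusInternalServerError)
			return
		}
		// The status line must be sent before the first body write; writing
		// the header afterwards is a no-op that net/http warns about.
		writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
		writer.WriteHeader(http.StatusOK)
		// Write the JWT claims.
		for claim, value := range claims {
			fmt.Fprintf(writer, " %s :%#v\n", claim, value)
		}
	})

	// wrap handler with auth middlewares
	app := authmw.Handler(withScopes(protectedHandler))

	// Use an explicit http.Server so the listener has timeouts; the bare
	// http.ListenAndServe has none, leaving slow or idle clients able to hold
	// connections open indefinitely.
	srv := &http.Server{
		Addr:              "0.0.0.0:3000",
		Handler:           app,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       15 * time.Second,
		WriteTimeout:      15 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	fmt.Println("serving on 0.0.0.0:3000")
	if err = srv.ListenAndServe(); err != nil {
		log.Fatalf("server stopped: %v", err)
	}
}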