-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathserver_auth.go
63 lines (52 loc) · 1.63 KB
/
server_auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
package jwtauth
import (
"crypto/rsa"
"github.com/golang-jwt/jwt"
"github.com/pkg/errors"
)
// ServerAuth is used to authenticate clients. It can generate token from Claims and
// regenerate Claims from token
type ServerAuth struct {
privateKey *rsa.PrivateKey
publicKID string
algorithm string
signingMethod jwt.SigningMethod
parser *jwt.Parser
}
// NewServerAuth Create ServerAuth with given configurations
func NewServerAuth(privateKey *rsa.PrivateKey, publicKID string, alg string) (*ServerAuth, error) {
if privateKey == nil {
return nil, errors.New("privateKey can not be nil")
}
if publicKID == "" {
return nil, errors.New("publicKID can not be empty")
}
if err := jwt.GetSigningMethod(alg); err == nil {
return nil, errors.New("invalid algorithm")
}
parser := jwt.Parser{
ValidMethods: []string{alg},
}
serverAuth := ServerAuth{
privateKey: privateKey,
publicKID: publicKID,
algorithm: alg,
signingMethod: jwt.GetSigningMethod(alg),
parser: &parser,
}
return &serverAuth, nil
}
// GenerateToken generate new token with provided signing method
// generatedToken will then be signed using private key of ServerAuth
func (a *ServerAuth) GenerateToken(c Claims) (string, error) {
// generating token with signing method
token := jwt.NewWithClaims(a.signingMethod, c)
// adding kid to token header so that we can use multiple keys for authentication.
token.Header["kid"] = a.publicKID
// finally signing token with our private key
accessToken, err := token.SignedString(a.privateKey)
if err != nil {
return "", errors.Wrap(err, "generating token")
}
return accessToken, nil
}