This repository was archived by the owner on Jul 13, 2023. It is now read-only.

Server: refactor token verification to use the full verify library #8

@muhlemmer

Description

@muhlemmer

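// checkJWT verifies token and returns its claims.
//
// The checks run in this order: an empty token is rejected with
// codes.InvalidArgument; the key ID is parsed from the token header; the key
// is looked up through rt.findJWTKey (its error is returned unchanged); the
// EdDSA signature is checked against that key; and the claims are checked
// against the instant valid. Header, signature and claim failures are all
// returned as codes.Unauthenticated.
//
// The raw token is a bearer credential, so it is never attached to a log
// entry: anyone with read access to the logs could otherwise replay it. Once
// the header has been parsed, entries carry the key ID instead.
func (rt *requestTx) checkJWT(token string, valid time.Time) (*jwt.Claims, error) {
	if token == "" {
		rt.log.WithError(errors.New(errMissingToken)).Warn("checkJWT")
		return nil, status.Error(codes.InvalidArgument, errMissingToken)
	}

	kid, err := verify.ParseJWTHeader(token)
	if err != nil {
		rt.log.WithError(err).Warn("verify.ParseJWTHeader()")
		return nil, status.Error(codes.Unauthenticated, "Invalid token header")
	}

	// kid is read from the header before any signature check, so it is still
	// caller-controlled here; it is logged for correlation only.
	log := rt.log.WithField("kid", kid)

	key, err := rt.findJWTKey(kid)
	if err != nil {
		return nil, err
	}

	claims, err := jwt.EdDSACheck([]byte(token), []byte(key))
	if err != nil {
		log.WithError(err).Warn("jwt.EdDSACheck()")
		return nil, status.Error(codes.Unauthenticated, "EdDSA verification failed")
	}

	// The signature is good at this point; what remains is the claim check
	// against the supplied instant.
	if !claims.Valid(valid) {
		log.WithError(errors.New(errExpiredToken)).Warn("claims.Valid()")
		return nil, status.Error(codes.Unauthenticated, errExpiredToken)
	}
	return claims, nil
}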
