mirror of
https://github.com/1f349/mjwt.git
synced 2024-12-22 07:24:05 +00:00
Add kID support to auth.
This commit is contained in:
parent
ce5eccfb3c
commit
dc95ed754c
@ -25,3 +25,13 @@ func CreateAccessToken(p mjwt.Signer, sub, id string, aud jwt.ClaimStrings, perm
|
|||||||
func CreateAccessTokenWithDuration(p mjwt.Signer, dur time.Duration, sub, id string, aud jwt.ClaimStrings, perms *claims.PermStorage) (string, error) {
|
func CreateAccessTokenWithDuration(p mjwt.Signer, dur time.Duration, sub, id string, aud jwt.ClaimStrings, perms *claims.PermStorage) (string, error) {
|
||||||
return p.GenerateJwt(sub, id, aud, dur, &AccessTokenClaims{Perms: perms})
|
return p.GenerateJwt(sub, id, aud, dur, &AccessTokenClaims{Perms: perms})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CreateAccessTokenWithKID creates an access token with the default 15 minute duration and the specified kID
|
||||||
|
func CreateAccessTokenWithKID(p mjwt.Signer, sub, id string, aud jwt.ClaimStrings, perms *claims.PermStorage, kID string) (string, error) {
|
||||||
|
return CreateAccessTokenWithDurationAndKID(p, time.Minute*15, sub, id, aud, perms, kID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateAccessTokenWithDurationAndKID creates an access token with a custom duration and the specified kID
|
||||||
|
func CreateAccessTokenWithDurationAndKID(p mjwt.Signer, dur time.Duration, sub, id string, aud jwt.ClaimStrings, perms *claims.PermStorage, kID string) (string, error) {
|
||||||
|
return p.GenerateJwtWithKID(sub, id, aud, dur, &AccessTokenClaims{Perms: perms}, kID)
|
||||||
|
}
|
||||||
|
20
auth/pair.go
20
auth/pair.go
@ -26,3 +26,23 @@ func CreateTokenPairWithDuration(p mjwt.Signer, accessDur, refreshDur time.Durat
|
|||||||
}
|
}
|
||||||
return accessToken, refreshToken, nil
|
return accessToken, refreshToken, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CreateTokenPairWithKID creates an access and refresh token pair using the default
|
||||||
|
// 15 minute and 7 day durations respectively using the specified kID
|
||||||
|
func CreateTokenPairWithKID(p mjwt.Signer, sub, id, rId string, aud, rAud jwt.ClaimStrings, perms *claims.PermStorage, kID string) (string, string, error) {
|
||||||
|
return CreateTokenPairWithDurationAndKID(p, time.Minute*15, time.Hour*24*7, sub, id, rId, aud, rAud, perms, kID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateTokenPairWithDurationAndKID creates an access and refresh token pair using
|
||||||
|
// custom durations for the access and refresh tokens
|
||||||
|
func CreateTokenPairWithDurationAndKID(p mjwt.Signer, accessDur, refreshDur time.Duration, sub, id, rId string, aud, rAud jwt.ClaimStrings, perms *claims.PermStorage, kID string) (string, string, error) {
|
||||||
|
accessToken, err := CreateAccessTokenWithDurationAndKID(p, accessDur, sub, id, aud, perms, kID)
|
||||||
|
if err != nil {
|
||||||
|
return "", "", err
|
||||||
|
}
|
||||||
|
refreshToken, err := CreateRefreshTokenWithDurationAndKID(p, refreshDur, sub, rId, id, rAud, kID)
|
||||||
|
if err != nil {
|
||||||
|
return "", "", err
|
||||||
|
}
|
||||||
|
return accessToken, refreshToken, nil
|
||||||
|
}
|
||||||
|
@ -24,3 +24,13 @@ func CreateRefreshToken(p mjwt.Signer, sub, id, ati string, aud jwt.ClaimStrings
|
|||||||
func CreateRefreshTokenWithDuration(p mjwt.Signer, dur time.Duration, sub, id, ati string, aud jwt.ClaimStrings) (string, error) {
|
func CreateRefreshTokenWithDuration(p mjwt.Signer, dur time.Duration, sub, id, ati string, aud jwt.ClaimStrings) (string, error) {
|
||||||
return p.GenerateJwt(sub, id, aud, dur, RefreshTokenClaims{AccessTokenId: ati})
|
return p.GenerateJwt(sub, id, aud, dur, RefreshTokenClaims{AccessTokenId: ati})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CreateRefreshTokenWithKID creates a refresh token with the default 7 day duration and the specified kID
|
||||||
|
func CreateRefreshTokenWithKID(p mjwt.Signer, sub, id, ati string, aud jwt.ClaimStrings, kID string) (string, error) {
|
||||||
|
return CreateRefreshTokenWithDurationAndKID(p, time.Hour*24*7, sub, id, ati, aud, kID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateRefreshTokenWithDurationAndKID creates a refresh token with a custom duration and the specified kID
|
||||||
|
func CreateRefreshTokenWithDurationAndKID(p mjwt.Signer, dur time.Duration, sub, id, ati string, aud jwt.ClaimStrings, kID string) (string, error) {
|
||||||
|
return p.GenerateJwtWithKID(sub, id, aud, dur, RefreshTokenClaims{AccessTokenId: ati}, kID)
|
||||||
|
}
|
||||||
|
@ -16,7 +16,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type accessCmd struct {
|
type accessCmd struct {
|
||||||
issuer, subject, id, audience, duration string
|
issuer, subject, id, audience, duration, kID string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *accessCmd) Name() string { return "access" }
|
func (s *accessCmd) Name() string { return "access" }
|
||||||
@ -24,7 +24,7 @@ func (s *accessCmd) Synopsis() string {
|
|||||||
return "Generates an access token with permissions using the private key"
|
return "Generates an access token with permissions using the private key"
|
||||||
}
|
}
|
||||||
func (s *accessCmd) Usage() string {
|
func (s *accessCmd) Usage() string {
|
||||||
return `sign [-iss <issuer>] [-sub <subject>] [-id <id>] [-aud <audience>] [-dur <duration>] <private key path> <space separated permissions>
|
return `sign [-iss <issuer>] [-sub <subject>] [-id <id>] [-aud <audience>] [-dur <duration>] [-kid <name>] <private key path> <space separated permissions>
|
||||||
Output a signed MJWT token with the specified permissions.
|
Output a signed MJWT token with the specified permissions.
|
||||||
`
|
`
|
||||||
}
|
}
|
||||||
@ -35,6 +35,7 @@ func (s *accessCmd) SetFlags(f *flag.FlagSet) {
|
|||||||
f.StringVar(&s.id, "id", "", "MJWT ID")
|
f.StringVar(&s.id, "id", "", "MJWT ID")
|
||||||
f.StringVar(&s.audience, "aud", "", "Comma separated audience items for the MJWT")
|
f.StringVar(&s.audience, "aud", "", "Comma separated audience items for the MJWT")
|
||||||
f.StringVar(&s.duration, "dur", "15m", "Duration for the MJWT (default: 15m)")
|
f.StringVar(&s.duration, "dur", "15m", "Duration for the MJWT (default: 15m)")
|
||||||
|
f.StringVar(&s.kID, "kid", "\x00", "The Key ID of the signing key")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
|
func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
|
||||||
@ -65,8 +66,17 @@ func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
|
|||||||
return subcommands.ExitFailure
|
return subcommands.ExitFailure
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var token string
|
||||||
|
if len(s.kID) == 1 && s.kID[0] == '\x00' {
|
||||||
signer := mjwt.NewMJwtSigner(s.issuer, key)
|
signer := mjwt.NewMJwtSigner(s.issuer, key)
|
||||||
token, err := signer.GenerateJwt(s.subject, s.id, aud, dur, auth.AccessTokenClaims{Perms: ps})
|
token, err = signer.GenerateJwt(s.subject, s.id, aud, dur, auth.AccessTokenClaims{Perms: ps})
|
||||||
|
} else {
|
||||||
|
kStore := mjwt.NewMJwtKeyStore()
|
||||||
|
kStore.SetKey(s.kID, key)
|
||||||
|
signer := mjwt.NewMJwtSignerWithKeyStore(s.issuer, nil, kStore)
|
||||||
|
token, err = signer.GenerateJwtWithKID(s.subject, s.id, aud, dur, auth.AccessTokenClaims{Perms: ps}, s.kID)
|
||||||
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
_, _ = fmt.Fprintln(os.Stderr, "Error: Failed to generate MJWT token: ", err)
|
_, _ = fmt.Fprintln(os.Stderr, "Error: Failed to generate MJWT token: ", err)
|
||||||
return subcommands.ExitFailure
|
return subcommands.ExitFailure
|
||||||
|
Loading…
Reference in New Issue
Block a user