mirror of
https://github.com/1f349/mjwt.git
synced 2024-11-09 22:22:48 +00:00
Add kID support to auth.
This commit is contained in:
parent
ce5eccfb3c
commit
dc95ed754c
@ -25,3 +25,13 @@ func CreateAccessToken(p mjwt.Signer, sub, id string, aud jwt.ClaimStrings, perm
|
||||
func CreateAccessTokenWithDuration(p mjwt.Signer, dur time.Duration, sub, id string, aud jwt.ClaimStrings, perms *claims.PermStorage) (string, error) {
|
||||
return p.GenerateJwt(sub, id, aud, dur, &AccessTokenClaims{Perms: perms})
|
||||
}
|
||||
|
||||
// CreateAccessTokenWithKID creates an access token with the default 15 minute duration and the specified kID
|
||||
func CreateAccessTokenWithKID(p mjwt.Signer, sub, id string, aud jwt.ClaimStrings, perms *claims.PermStorage, kID string) (string, error) {
|
||||
return CreateAccessTokenWithDurationAndKID(p, time.Minute*15, sub, id, aud, perms, kID)
|
||||
}
|
||||
|
||||
// CreateAccessTokenWithDurationAndKID creates an access token with a custom duration and the specified kID
|
||||
func CreateAccessTokenWithDurationAndKID(p mjwt.Signer, dur time.Duration, sub, id string, aud jwt.ClaimStrings, perms *claims.PermStorage, kID string) (string, error) {
|
||||
return p.GenerateJwtWithKID(sub, id, aud, dur, &AccessTokenClaims{Perms: perms}, kID)
|
||||
}
|
||||
|
20
auth/pair.go
20
auth/pair.go
@ -26,3 +26,23 @@ func CreateTokenPairWithDuration(p mjwt.Signer, accessDur, refreshDur time.Durat
|
||||
}
|
||||
return accessToken, refreshToken, nil
|
||||
}
|
||||
|
||||
// CreateTokenPairWithKID creates an access and refresh token pair using the default
|
||||
// 15 minute and 7 day durations respectively using the specified kID
|
||||
func CreateTokenPairWithKID(p mjwt.Signer, sub, id, rId string, aud, rAud jwt.ClaimStrings, perms *claims.PermStorage, kID string) (string, string, error) {
|
||||
return CreateTokenPairWithDurationAndKID(p, time.Minute*15, time.Hour*24*7, sub, id, rId, aud, rAud, perms, kID)
|
||||
}
|
||||
|
||||
// CreateTokenPairWithDurationAndKID creates an access and refresh token pair using
|
||||
// custom durations for the access and refresh tokens
|
||||
func CreateTokenPairWithDurationAndKID(p mjwt.Signer, accessDur, refreshDur time.Duration, sub, id, rId string, aud, rAud jwt.ClaimStrings, perms *claims.PermStorage, kID string) (string, string, error) {
|
||||
accessToken, err := CreateAccessTokenWithDurationAndKID(p, accessDur, sub, id, aud, perms, kID)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
refreshToken, err := CreateRefreshTokenWithDurationAndKID(p, refreshDur, sub, rId, id, rAud, kID)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
return accessToken, refreshToken, nil
|
||||
}
|
||||
|
@ -24,3 +24,13 @@ func CreateRefreshToken(p mjwt.Signer, sub, id, ati string, aud jwt.ClaimStrings
|
||||
func CreateRefreshTokenWithDuration(p mjwt.Signer, dur time.Duration, sub, id, ati string, aud jwt.ClaimStrings) (string, error) {
|
||||
return p.GenerateJwt(sub, id, aud, dur, RefreshTokenClaims{AccessTokenId: ati})
|
||||
}
|
||||
|
||||
// CreateRefreshTokenWithKID creates a refresh token with the default 7 day duration and the specified kID
|
||||
func CreateRefreshTokenWithKID(p mjwt.Signer, sub, id, ati string, aud jwt.ClaimStrings, kID string) (string, error) {
|
||||
return CreateRefreshTokenWithDurationAndKID(p, time.Hour*24*7, sub, id, ati, aud, kID)
|
||||
}
|
||||
|
||||
// CreateRefreshTokenWithDurationAndKID creates a refresh token with a custom duration and the specified kID
|
||||
func CreateRefreshTokenWithDurationAndKID(p mjwt.Signer, dur time.Duration, sub, id, ati string, aud jwt.ClaimStrings, kID string) (string, error) {
|
||||
return p.GenerateJwtWithKID(sub, id, aud, dur, RefreshTokenClaims{AccessTokenId: ati}, kID)
|
||||
}
|
||||
|
@ -16,7 +16,7 @@ import (
|
||||
)
|
||||
|
||||
type accessCmd struct {
|
||||
issuer, subject, id, audience, duration string
|
||||
issuer, subject, id, audience, duration, kID string
|
||||
}
|
||||
|
||||
func (s *accessCmd) Name() string { return "access" }
|
||||
@ -24,7 +24,7 @@ func (s *accessCmd) Synopsis() string {
|
||||
return "Generates an access token with permissions using the private key"
|
||||
}
|
||||
func (s *accessCmd) Usage() string {
|
||||
return `sign [-iss <issuer>] [-sub <subject>] [-id <id>] [-aud <audience>] [-dur <duration>] <private key path> <space separated permissions>
|
||||
return `sign [-iss <issuer>] [-sub <subject>] [-id <id>] [-aud <audience>] [-dur <duration>] [-kid <name>] <private key path> <space separated permissions>
|
||||
Output a signed MJWT token with the specified permissions.
|
||||
`
|
||||
}
|
||||
@ -35,6 +35,7 @@ func (s *accessCmd) SetFlags(f *flag.FlagSet) {
|
||||
f.StringVar(&s.id, "id", "", "MJWT ID")
|
||||
f.StringVar(&s.audience, "aud", "", "Comma separated audience items for the MJWT")
|
||||
f.StringVar(&s.duration, "dur", "15m", "Duration for the MJWT (default: 15m)")
|
||||
f.StringVar(&s.kID, "kid", "\x00", "The Key ID of the signing key")
|
||||
}
|
||||
|
||||
func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
|
||||
@ -65,8 +66,17 @@ func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
|
||||
return subcommands.ExitFailure
|
||||
}
|
||||
|
||||
var token string
|
||||
if len(s.kID) == 1 && s.kID[0] == '\x00' {
|
||||
signer := mjwt.NewMJwtSigner(s.issuer, key)
|
||||
token, err := signer.GenerateJwt(s.subject, s.id, aud, dur, auth.AccessTokenClaims{Perms: ps})
|
||||
token, err = signer.GenerateJwt(s.subject, s.id, aud, dur, auth.AccessTokenClaims{Perms: ps})
|
||||
} else {
|
||||
kStore := mjwt.NewMJwtKeyStore()
|
||||
kStore.SetKey(s.kID, key)
|
||||
signer := mjwt.NewMJwtSignerWithKeyStore(s.issuer, nil, kStore)
|
||||
token, err = signer.GenerateJwtWithKID(s.subject, s.id, aud, dur, auth.AccessTokenClaims{Perms: ps}, s.kID)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
_, _ = fmt.Fprintln(os.Stderr, "Error: Failed to generate MJWT token: ", err)
|
||||
return subcommands.ExitFailure
|
||||
|
Loading…
Reference in New Issue
Block a user