//Creates a signed JWT token for the requesting subject and issuer URL
func createJWTToken(subject string, issuerUrl string, tokenttl time.Duration, scopesMap map[string]struct{}, unsignedToken bool) (jwt *jose.JWT, err error) {
privateKey, err := privateKey()
if err != nil {
return nil, base.HTTPErrorf(http.StatusInternalServerError, "Error getting private RSA Key")
}
now := time.Now()
expiresIn := tokenttl
expiryTime := now.Add(expiresIn)
cl := jose.Claims{
"sub": subject,
"iat": now.Unix(),
"exp": expiryTime.Unix(),
"iss": issuerUrl,
"aud": testProviderAud,
}
if _, ok := scopesMap["email"]; ok {
cl["email"] = subject + "@syncgatewayoidctesting.com"
}
if _, ok := scopesMap["profile"]; ok {
cl["nickname"] = "slim jim"
}
signer := jose.NewSignerRSA(testProviderKeyIdentifier, *privateKey)
if !unsignedToken {
jwt, err = jose.NewSignedJWT(cl, signer)
if err != nil {
return nil, err
}
} else {
header := jose.JOSEHeader{
"alg": signer.Alg(),
"kid": signer.ID(),
}
unsignedJWT, err := jose.NewJWT(header, cl)
if err != nil {
return nil, err
}
jwt = &unsignedJWT
}
return
}
func (k *PrivateKey) Signer() jose.Signer {
return jose.NewSignerRSA(k.ID(), *k.PrivateKey)
}
