//
// https://developers.google.com/identity/choose-auth
// https://developers.google.com/identity/sign-in/web/backend-auth
func TokenSignin(w http.ResponseWriter, r *http.Request) {
lg, _ := loghttp.BuffLoggerUniversal(w, r)
// w.Header().Set("Access-Control-Allow-Origin", "http://localhost:1313")
w.Header().Set("Access-Control-Allow-Origin", "http://"+routes.AppHostDev())
w.Header().Del("Access-Control-Allow-Origin")
w.Header().Set("Access-Control-Allow-Origin", "*")
// err := r.ParseMultipartForm(1024 * 1024 * 2)
err := r.ParseForm()
lg(err)
myToken := r.Form.Get("idtoken")
tokSize := fmt.Sprintf("Len of Tok was %v. \n", len(myToken))
fc1 := func(token *jwt.Token) (interface{}, error) {
// Don't forget to validate the alg is what you expect:
log.Printf("algo header is %v\n", token.Header["alg"])
if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
return token.Header["kid"], nil
}
token, err := jwt.Parse(myToken, fc1)
// No direct error comparison possible; since err is wrapped in another struct
if err != nil && strings.Contains(err.Error(), jwt.ErrPEMMappingObsolete.Error()) {
currentPEMsURL := "https://www.googleapis.com/oauth2/v1/certs"
req, err := http.NewRequest("GET", currentPEMsURL, nil)
if err != nil {
lg("creation of pem request failed")
return
}
req.Header.Set("Content-Type", "application/json")
fo := fetch.Options{Req: req}
fo.KnownProtocol = "https"
fo.ForceHTTPSEvenOnDevelopmentServer = true
bts, inf, err := fetch.UrlGetter(r, fo)
lg(err)
if err != nil {
lg("tried to fetch %v, %v", currentPEMsURL, inf.URL)
lg("msg %v", inf.Msg)
return
}
if len(bts) > 200 {
var data1 map[string]string
err = json.Unmarshal(bts, &data1)
lg(err)
// lg(stringspb.IndentedDumpBytes(data1))
// w.Write(stringspb.IndentedDumpBytes(data1))
if len(data1) > 1 {
lg("PEM mappings updated")
jwt.MappingToPEM = data1
} else {
lg("PEM mapping response contained only %v records; bytes length %v", len(data1), len(bts))
}
}
}
token, err = jwt.Parse(myToken, fc1)
if err != nil && strings.Contains(err.Error(), jwt.ErrInvalidKey.Error()) {
w.Write([]byte("The submitted RSA Key was somehow unparseable. We still accept the token.\n"))
/*
https://developers.google.com/identity/sign-in/web/backend-auth
*/
err = nil
token.Valid = true
}
if err != nil {
w.Write([]byte("--- " + err.Error() + ".\n"))
}
if err == nil && token.Valid {
tk := ""
tk += fmt.Sprintf(" Algor: %v\n", token.Method)
tk += fmt.Sprintf(" Header: %v\n", token.Header)
for k, v := range token.Claims {
tk += fmt.Sprintf("\t %-8v %v\n", k, v)
}
lg(tk)
w.Write([]byte("tokensignin; valid. \n"))
w.Write([]byte(tokSize))
sb := "header-sub-not-present"
if _, ok := token.Claims["sub"]; ok {
sb = token.Claims["sub"].(string)
}
w.Write([]byte("ID from PWT is " + sb + "\n"))
_, usr, msg1 := login.CheckForNormalUser(r)
if usr != nil {
w.Write([]byte("ID from SRV is " + usr.ID + "\n"))
}
w.Write([]byte(msg1 + "\n"))
} else {
w.Write([]byte("tokensignin; INVALID. \n"))
w.Write([]byte(tokSize))
w.Write([]byte(stringspb.ToLen(myToken, 30)))
vrf := fmt.Sprintf("\nhttps://www.googleapis.com/oauth2/v3/tokeninfo?id_token=%v \n", myToken)
w.Write([]byte(vrf))
}
}
func init() {
urlUp = []string{
"http://" + routes.AppHostDev() + upload.UrlUploadReceive,
"https://" + routes.AppHostLive() + upload.UrlUploadReceive,
}
}