Beispiel #1
0
func TestMultipleAudienceFix_AfterMarshal(t *testing.T) {
	// Create JWS claims
	claims := jws.Claims{}
	claims.SetAudience("example.com", "api.example.com")

	token := jws.NewJWT(claims, crypto.SigningMethodHS256)
	serializedToken, _ := token.Serialize([]byte("abcdef"))

	// Unmarshal JSON
	newToken, _ := jws.ParseJWT(serializedToken)

	c := newToken.Claims()

	// Get Audience
	aud, ok := c.Audience()
	if !ok {

		// Fails
		t.Fail()
	}

	t.Logf("aud len(): %d", len(aud))
	t.Logf("aud Value: %s", aud)
	t.Logf("aud Type : %T", aud)
}
Beispiel #2
0
func GenerateToken(id int) string {
	var claims = jws.Claims{
		"id": id,
	}
	j := jws.NewJWT(claims, crypto.SigningMethodHS256)
	t, err := j.Serialize(secret)
	if err != nil {
		return ""
	}
	token := string(t)

	db, err := sql.Open("postgres", config.DbConnection)
	if err != nil {
		fmt.Println(err.Error())
	}
	defer db.Close()

	stmt, err := db.Prepare("INSERT INTO tokens(user_id,token) VALUES($1,$2);")
	if err != nil {
		fmt.Printf("ERROR prepare: %s\n", err.Error())
		return ""
	}
	defer stmt.Close()

	_, err = stmt.Exec(id, token)
	if err != nil {
		fmt.Printf("ERROR execute: %s\n", err.Error())
		return ""
	}
	return token
}
Beispiel #3
0
//Sum create jwt token
func (p *Jwt) Sum(cm jws.Claims, days int) ([]byte, error) {
	kid := uuid.NewV4()
	now := time.Now()
	cm.SetNotBefore(now)
	cm.SetExpiration(now.AddDate(0, 0, days))
	cm.Set("kid", kid)
	//TODO using kid

	jt := jws.NewJWT(cm, p.Method)
	return jt.Serialize(p.Key)
}
Beispiel #4
0
// GenerateClaim generate a JWT token containing a claim using the supplied
// certificates and user
func GenerateClaim(certs *Certs, usr *models.User) (string, error) {
	// generate a token
	var claims = jws.Claims{
		"user_id": models.StringValue(usr.ID),
		"login":   models.StringValue(usr.Login),
		"email":   models.StringValue(usr.Email),
		"exp":     time.Now().Add(24 * time.Hour).Unix(),
	}

	j := jws.NewJWT(claims, crypto.SigningMethodRS512)
	b, err := j.Serialize(certs.PrivateKey)

	return string(b), err
}
Beispiel #5
0
// TestTimeValuesThroughJSON verifies that the time values
// that are set via the Set{IssuedAt,NotBefore,Expiration}()
// methods can actually be parsed back
func TestTimeValuesThroughJSON(t *testing.T) {
	now := time.Unix(time.Now().Unix(), 0)

	c := jws.Claims{}
	c.SetIssuedAt(now)
	c.SetNotBefore(now)
	c.SetExpiration(now)

	// serialize to JWT
	tok := jws.NewJWT(c, crypto.SigningMethodHS256)
	b, err := tok.Serialize([]byte("key"))
	if err != nil {
		t.Fatal(err)
	}

	// parse the JWT again
	tok2, err := jws.ParseJWT(b)
	if err != nil {
		t.Fatal(err)
	}
	c2 := tok2.Claims()

	iat, ok1 := c2.IssuedAt()
	nbf, ok2 := c2.NotBefore()
	exp, ok3 := c2.Expiration()
	if !ok1 || !ok2 || !ok3 {
		t.Fatal("got false want true")
	}

	if got, want := iat, now; !got.Equal(want) {
		t.Errorf("%s: got %v want %v", "iat", got, want)
	}
	if got, want := nbf, now; !got.Equal(want) {
		t.Errorf("%s: got %v want %v", "nbf", got, want)
	}
	if got, want := exp, now; !got.Equal(want) {
		t.Errorf("%s: got %v want %v", "exp", got, want)
	}
}
// createSignedCustomAuthTokenForUser creates a custom auth token for a given user.
func createSignedCustomAuthTokenForUser(uid string, developerClaims *Claims, issuer string, privateKey *rsa.PrivateKey) (string, error) {
	if uid == "" {
		return "", errors.New("Uid must be provided.")
	}
	if issuer == "" {
		return "", errors.New("Must provide an issuer.")
	}
	if len(uid) > 128 {
		return "", errors.New("Uid must be shorter than 128 characters")
	}

	method := crypto.SigningMethodRS256
	claims := jws.Claims{}
	claims.Set("uid", uid)
	claims.SetIssuer(issuer)
	claims.SetSubject(issuer)
	claims.SetAudience(firebaseAudience)
	now := clock.Now()
	claims.SetIssuedAt(now)
	claims.SetExpiration(now.Add(time.Hour))

	if developerClaims != nil {
		for claim := range *developerClaims {
			if isReserved(claim) {
				return "", fmt.Errorf("developer_claims cannot contain a reserved key: %s", claim)
			}
		}
		claims.Set("claims", developerClaims)
	}

	jwt := jws.NewJWT(claims, method)
	bytes, err := jwt.Serialize(privateKey)
	if err != nil {
		return "", err
	}

	return string(bytes), nil
}