Example #1
File: user.go Project: jmheidly/dex
// assertStringClaim returns the string value stored under claim k.
//
// It is an assertion helper, not a validator: a missing claim or a claim of
// the wrong type makes it panic. It must therefore only be used on claim sets
// whose shape has already been checked. Calling it on unvalidated,
// caller-supplied claims would turn a malformed token into a crash.
func assertStringClaim(claims jose.Claims, k string) string {
	val, found, err := claims.StringClaim(k)
	if err == nil && found {
		return val
	}
	// Reaching this point means an earlier validation step let a bad claim
	// set through; treat it as a programming error.
	panic(fmt.Sprintf("claims were not validated correctly, missing or wrong claim: %v", k))
}
Example #2
// IdentityFromClaims builds an Identity from a set of token claims.
//
// The "sub" claim is required and becomes the ID; "email" and "exp" are
// optional and are copied when present. An error is returned for a nil claim
// set, a missing "sub", or any claim whose type cannot be read.
//
// This function only extracts values. It performs no signature, issuer or
// audience verification, and it does not compare "exp" with the current time;
// the expiry is merely recorded in ExpiresAt. Callers must have verified the
// token before trusting the result. Only the presence of "sub" is checked, so
// an empty subject string is accepted as an ID.
func IdentityFromClaims(claims jose.Claims) (*Identity, error) {
	if claims == nil {
		return nil, errors.New("nil claim set")
	}

	// Subject: mandatory.
	sub, found, err := claims.StringClaim("sub")
	if err != nil {
		return nil, err
	}
	if !found {
		return nil, errors.New("missing required claim: sub")
	}

	// Email: optional, but a value of the wrong type is still an error.
	email, _, err := claims.StringClaim("email")
	if err != nil {
		return nil, err
	}

	var ident Identity
	ident.ID = sub
	ident.Email = email

	// Expiry: optional; ExpiresAt keeps its zero value when absent.
	expiry, hasExpiry, err := claims.TimeClaim("exp")
	if err != nil {
		return nil, err
	}
	if hasExpiry {
		ident.ExpiresAt = expiry
	}

	return &ident, nil
}
Example #3
// verifyPasswordResetClaims checks the password-reset specific claims and
// wraps the claim set in a PasswordReset.
//
// It assumes parseAndVerifyTokenClaims has already been called on claims; no
// signature or expiry checking happens here.
//
// The callback claim is optional: only its type and parseability are checked.
// url.Parse accepts relative references and arbitrary schemes, so a
// successful parse does not show that the callback is an absolute http(s) URL
// or a permitted redirect target. That restriction has to be enforced where
// the callback is consumed. The password claim must be present and non-empty.
func verifyPasswordResetClaims(claims jose.Claims) (PasswordReset, error) {
	var none PasswordReset

	callback, _, err := claims.StringClaim(ClaimPasswordResetCallback)
	if err != nil {
		return none, err
	}
	// Syntax check only; an absent claim yields whatever StringClaim returns
	// for a missing key and is parsed like any other value.
	if _, parseErr := url.Parse(callback); parseErr != nil {
		return none, fmt.Errorf("callback URL not parseable: %v", callback)
	}

	password, found, err := claims.StringClaim(ClaimPasswordResetPassword)
	switch {
	case err != nil:
		return none, err
	case !found || password == "":
		return none, fmt.Errorf("no %q claim", ClaimPasswordResetPassword)
	}

	return PasswordReset{claims}, nil
}
Example #4
// verifyEmailVerificationClaims checks the email-verification specific claims
// and wraps the claim set in an EmailVerification.
//
// It assumes parseAndVerifyTokenClaims has already been called on claims; no
// signature or expiry checking happens here.
//
// Both the email claim and the callback claim must be present and non-empty,
// and the callback must parse as a URL. url.Parse accepts relative references
// and arbitrary schemes, so a successful parse does not show that the callback
// is an absolute http(s) URL or a permitted redirect target. That restriction
// has to be enforced where the callback is consumed.
func verifyEmailVerificationClaims(claims jose.Claims) (EmailVerification, error) {
	var none EmailVerification

	// required fetches a string claim that must exist and be non-empty.
	required := func(name string) (string, error) {
		value, found, err := claims.StringClaim(name)
		if err != nil {
			return "", err
		}
		if !found || value == "" {
			return "", fmt.Errorf("no %q claim", name)
		}
		return value, nil
	}

	if _, err := required(ClaimEmailVerificationEmail); err != nil {
		return none, err
	}

	callback, err := required(ClaimEmailVerificationCallback)
	if err != nil {
		return none, err
	}
	// Syntax check only; see the note on url.Parse in the function comment.
	if _, parseErr := url.Parse(callback); parseErr != nil {
		return none, fmt.Errorf("callback URL not parseable: %v", callback)
	}

	return EmailVerification{claims}, nil
}