//takes the jwt from the client's session storage:
func sessionTokenParse(r *http.Request) (token *jwt.Token, err error) {
token, err = request.ParseFromRequestWithClaims(r, request.OAuth2Extractor, &AppClaims{}, func(token *jwt.Token) (interface{}, error) {
// since we only use the one private key to sign the tokens,
// we also only use its public counter part to verify
return verifyKey, nil
})
return
}
func spotifySessionTokenParse(r *http.Request) (token *jwt.Token, err error) {
token, err = request.ParseFromRequestWithClaims(r, request.OAuth2Extractor, &SpotifyAppClaims{}, func(token *jwt.Token) (interface{}, error) {
// since we only use the one private key to sign the tokens,
// we also only use its public counter part to verify
return []byte(os.Getenv("SPOTIFY_STORAGE_CLIENT")), nil
})
return
}
// Get gets the signed JWT from the Authorization header. If the token is
// missing, expired, or the signature does not validate, returns an error.
func (m *JwtManager) Get(req *http.Request) (*jwt.Token, error) {
extractor := MultiDecryptExtractor{
m.key,
[]request.Extractor{
CookieExtractor{"DrAuthToken"},
request.HeaderExtractor{"DR-AUTH-TOKEN"},
request.ArgumentExtractor{"token"},
request.AuthorizationHeaderExtractor,
},
}
return request.ParseFromRequestWithClaims(req, extractor, &jwt.StandardClaims{}, m.getKey)
}
// only accessible with a valid token
func restrictedHandler(w http.ResponseWriter, r *http.Request) {
// Get token from request
token, err := request.ParseFromRequestWithClaims(r, request.OAuth2Extractor, &CustomClaimsExample{}, func(token *jwt.Token) (interface{}, error) {
// since we only use the one private key to sign the tokens,
// we also only use its public counter part to verify
return verifyKey, nil
})
// If the token is missing or invalid, return error
if err != nil {
w.WriteHeader(http.StatusUnauthorized)
fmt.Fprintln(w, "Invalid token:", err)
return
}
// Token is valid
fmt.Fprintln(w, "Welcome,", token.Claims.(*CustomClaimsExample).Name)
return
}
