func TestMultipleAudienceFix_AfterMarshal(t *testing.T) {
// Create JWS claims
claims := jws.Claims{}
claims.SetAudience("example.com", "api.example.com")
token := jws.NewJWT(claims, crypto.SigningMethodHS256)
serializedToken, _ := token.Serialize([]byte("abcdef"))
// Unmarshal JSON
newToken, _ := jws.ParseJWT(serializedToken)
c := newToken.Claims()
// Get Audience
aud, ok := c.Audience()
if !ok {
// Fails
t.Fail()
}
t.Logf("aud len(): %d", len(aud))
t.Logf("aud Value: %s", aud)
t.Logf("aud Type : %T", aud)
}
//UserClaims generate user claims
func (p *Dao) UserClaims(u *User) jws.Claims {
cm := jws.Claims{}
cm.SetSubject(u.Name)
cm.Set("uid", u.UID)
cm.Set("id", u.ID)
cm.Set("roles", p.Authority(u.ID, "-", 0))
return cm
}
//Sum create jwt token
func (p *Jwt) Sum(cm jws.Claims, days int) ([]byte, error) {
kid := uuid.NewV4()
now := time.Now()
cm.SetNotBefore(now)
cm.SetExpiration(now.AddDate(0, 0, days))
cm.Set("kid", kid)
//TODO using kid
jt := jws.NewJWT(cm, p.Method)
return jt.Serialize(p.Key)
}
// TestTimeValuesThroughJSON verifies that the time values
// that are set via the Set{IssuedAt,NotBefore,Expiration}()
// methods can actually be parsed back
func TestTimeValuesThroughJSON(t *testing.T) {
now := time.Unix(time.Now().Unix(), 0)
c := jws.Claims{}
c.SetIssuedAt(now)
c.SetNotBefore(now)
c.SetExpiration(now)
// serialize to JWT
tok := jws.NewJWT(c, crypto.SigningMethodHS256)
b, err := tok.Serialize([]byte("key"))
if err != nil {
t.Fatal(err)
}
// parse the JWT again
tok2, err := jws.ParseJWT(b)
if err != nil {
t.Fatal(err)
}
c2 := tok2.Claims()
iat, ok1 := c2.IssuedAt()
nbf, ok2 := c2.NotBefore()
exp, ok3 := c2.Expiration()
if !ok1 || !ok2 || !ok3 {
t.Fatal("got false want true")
}
if got, want := iat, now; !got.Equal(want) {
t.Errorf("%s: got %v want %v", "iat", got, want)
}
if got, want := nbf, now; !got.Equal(want) {
t.Errorf("%s: got %v want %v", "nbf", got, want)
}
if got, want := exp, now; !got.Equal(want) {
t.Errorf("%s: got %v want %v", "exp", got, want)
}
}
// createSignedCustomAuthTokenForUser creates a custom auth token for a given user.
func createSignedCustomAuthTokenForUser(uid string, developerClaims *Claims, issuer string, privateKey *rsa.PrivateKey) (string, error) {
if uid == "" {
return "", errors.New("Uid must be provided.")
}
if issuer == "" {
return "", errors.New("Must provide an issuer.")
}
if len(uid) > 128 {
return "", errors.New("Uid must be shorter than 128 characters")
}
method := crypto.SigningMethodRS256
claims := jws.Claims{}
claims.Set("uid", uid)
claims.SetIssuer(issuer)
claims.SetSubject(issuer)
claims.SetAudience(firebaseAudience)
now := clock.Now()
claims.SetIssuedAt(now)
claims.SetExpiration(now.Add(time.Hour))
if developerClaims != nil {
for claim := range *developerClaims {
if isReserved(claim) {
return "", fmt.Errorf("developer_claims cannot contain a reserved key: %s", claim)
}
}
claims.Set("claims", developerClaims)
}
jwt := jws.NewJWT(claims, method)
bytes, err := jwt.Serialize(privateKey)
if err != nil {
return "", err
}
return string(bytes), nil
}