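// IssueChallenge builds a signed consent challenge for authorizeRequest.
//
// The challenge is a JWT signed with RS256 and returned in compact form
// ("<signing string>.<signature>"). Its claims are:
//
//   - "jti":   a fresh uuid.New() value identifying this challenge
//   - "scp":   the scopes of the authorize request
//   - "aud":   the ID of the requesting client
//   - "exp":   one hour from now, as a Unix timestamp
//   - "redir": redirectURL, copied verbatim
//
// The signing key is fetched from s.KeyManager under ConsentChallengeKey
// ("private"). An error is returned if the key cannot be loaded, the key set is
// empty, the first key is not an RSA private key, or signing fails.
//
// The claims are signed but not encrypted, so whoever holds the challenge can
// read the scopes, client ID and redirect URL. redirectURL is not validated
// here; presumably the caller has already checked it against the client's
// registered redirect URIs. TODO confirm at the call site.
func (s *DefaultConsentStrategy) IssueChallenge(authorizeRequest fosite.AuthorizeRequester, redirectURL string) (string, error) {
	token := jwt.New(jwt.SigningMethodRS256)
	token.Claims = map[string]interface{}{
		"jti":   uuid.New(),
		"scp":   authorizeRequest.GetScopes(),
		"aud":   authorizeRequest.GetClient().GetID(),
		"exp":   time.Now().Add(time.Hour).Unix(),
		"redir": redirectURL,
	}

	ks, err := s.KeyManager.GetKey(ConsentChallengeKey, "private")
	if err != nil {
		return "", errors.New(err)
	}

	// What jwk.First returns for an empty slice is not visible here; reject an
	// empty key set explicitly so the field access below can never dereference
	// a missing key.
	if len(ks.Keys) == 0 {
		return "", errors.New("Consent challenge key set contains no keys")
	}

	// A typed-nil *rsa.PrivateKey would pass the type assertion, so check for
	// nil as well before handing the key to the signer.
	rsaKey, ok := jwk.First(ks.Keys).Key.(*rsa.PrivateKey)
	if !ok || rsaKey == nil {
		return "", errors.New("Could not convert to RSA Private Key")
	}

	encoded, err := token.SigningString()
	if err != nil {
		return "", errors.New(err)
	}

	signature, err := token.Method.Sign(encoded, rsaKey)
	if err != nil {
		return "", errors.New(err)
	}

	return fmt.Sprintf("%s.%s", encoded, signature), nil
}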