//UserClaims generate user claims func (p *Dao) UserClaims(u *User) jws.Claims { cm := jws.Claims{} cm.SetSubject(u.Name) cm.Set("uid", u.UID) cm.Set("id", u.ID) cm.Set("roles", p.Authority(u.ID, "-", 0)) return cm }
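// createSignedCustomAuthTokenForUser creates a custom auth token for a given
// user and returns it in serialized form, signed with RS256.
//
// uid must be non-empty and at most 128 bytes long, and issuer must be
// non-empty. The token carries issuer as both its issuer and its subject,
// firebaseAudience as its audience, and expires one hour after clock.Now().
// developerClaims, when non-nil, is stored under the "claims" key; it is
// rejected if any of its keys is reserved according to isReserved.
//
// An error is returned when an argument fails validation, when privateKey is
// nil, or when serialization fails.
func createSignedCustomAuthTokenForUser(uid string, developerClaims *Claims, issuer string, privateKey *rsa.PrivateKey) (string, error) {
	if uid == "" {
		return "", errors.New("Uid must be provided.")
	}
	if issuer == "" {
		return "", errors.New("Must provide an issuer.")
	}
	// NOTE(review): len counts bytes, and a uid of exactly 128 bytes passes
	// although the message says "shorter than 128 characters". The message is
	// left unchanged in case callers match on it; confirm the intended limit.
	if len(uid) > 128 {
		return "", errors.New("Uid must be shorter than 128 characters")
	}
	// Reject a missing key up front, so that a nil pointer is never handed to
	// the signer and the caller gets an error instead.
	if privateKey == nil {
		return "", errors.New("Must provide a private key.")
	}

	claims := jws.Claims{}
	claims.Set("uid", uid)
	claims.SetIssuer(issuer)
	claims.SetSubject(issuer)
	claims.SetAudience(firebaseAudience)

	// Fixed one-hour lifetime, measured from the injected clock.
	now := clock.Now()
	claims.SetIssuedAt(now)
	claims.SetExpiration(now.Add(time.Hour))

	if developerClaims != nil {
		// Caller-supplied claims must not use a reserved key. They are also
		// nested under "claims" rather than merged into the top level.
		for claim := range *developerClaims {
			if isReserved(claim) {
				return "", fmt.Errorf("developer_claims cannot contain a reserved key: %s", claim)
			}
		}
		claims.Set("claims", developerClaims)
	}

	token := jws.NewJWT(claims, crypto.SigningMethodRS256)
	signed, err := token.Serialize(privateKey)
	if err != nil {
		return "", err
	}
	return string(signed), nil
}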