// Sum stamps cm with a validity window and a random identifier, then returns
// the token serialized with p.Method and p.Key.
//
// The window starts now (nbf) and ends days calendar days later (exp).
// days is not validated here: zero or a negative value produces a token whose
// exp is not after its nbf, so callers should pass a positive value.
//
// NOTE(review): the Set* calls are made on cm itself; if jws.Claims is a map
// type, the caller's claims are modified as a side effect. Confirm.
func (p *Jwt) Sum(cm jws.Claims, days int) ([]byte, error) {
	notBefore := time.Now()
	expiresAt := notBefore.AddDate(0, 0, days)

	cm.SetNotBefore(notBefore)
	cm.SetExpiration(expiresAt)

	// TODO using kid
	// The identifier is written into the claim set (the payload) and is not
	// stored anywhere in this function, so nothing here can later use it to
	// select a key or to revoke an individual token.
	cm.Set("kid", uuid.NewV4())

	return jws.NewJWT(cm, p.Method).Serialize(p.Key)
}
// TestTimeValuesThroughJSON checks that the timestamps written with
// SetIssuedAt, SetNotBefore and SetExpiration come back unchanged after the
// claims are serialized into a JWT and parsed again.
//
// NOTE(review): the test only calls jws.ParseJWT and never validates the
// parsed token against the key, so it presumably exercises encoding and
// decoding only, not signature verification. Confirm before relying on it
// for that. The key "key" is a test fixture.
func TestTimeValuesThroughJSON(t *testing.T) {
	// Truncate to whole seconds so the comparison is not affected by
	// sub-second precision.
	want := time.Unix(time.Now().Unix(), 0)

	claims := jws.Claims{}
	claims.SetIssuedAt(want)
	claims.SetNotBefore(want)
	claims.SetExpiration(want)

	// Encode the claims as a signed token.
	encoded, err := jws.NewJWT(claims, crypto.SigningMethodHS256).Serialize([]byte("key"))
	if err != nil {
		t.Fatal(err)
	}

	// Decode the token again.
	parsed, err := jws.ParseJWT(encoded)
	if err != nil {
		t.Fatal(err)
	}

	decoded := parsed.Claims()
	iat, hasIat := decoded.IssuedAt()
	nbf, hasNbf := decoded.NotBefore()
	exp, hasExp := decoded.Expiration()
	if !(hasIat && hasNbf && hasExp) {
		t.Fatal("got false want true")
	}

	checks := []struct {
		name string
		got  time.Time
	}{
		{"iat", iat},
		{"nbf", nbf},
		{"exp", exp},
	}
	for _, c := range checks {
		if !c.got.Equal(want) {
			t.Errorf("%s: got %v want %v", c.name, c.got, want)
		}
	}
}
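// createSignedCustomAuthTokenForUser builds an RS256-signed custom auth token
// for uid and returns it in serialized form.
//
// The token carries uid under "uid", issuer as both iss and sub,
// firebaseAudience as aud, iat set to clock.Now() and exp one hour later.
// When developerClaims is non-nil it is nested under the "claims" key, after
// every key in it has passed the isReserved check.
//
// An error is returned when uid or issuer is empty, when uid is longer than
// 128 bytes, when privateKey is nil, when developerClaims contains a reserved
// key, or when signing fails.
func createSignedCustomAuthTokenForUser(uid string, developerClaims *Claims, issuer string, privateKey *rsa.PrivateKey) (string, error) {
	if uid == "" {
		return "", errors.New("Uid must be provided.")
	}
	if issuer == "" {
		return "", errors.New("Must provide an issuer.")
	}
	// len counts bytes, and a uid of exactly 128 bytes passes this check even
	// though the message says "shorter than".
	if len(uid) > 128 {
		return "", errors.New("Uid must be shorter than 128 characters")
	}
	// Reject a missing key up front so a nil pointer never reaches the
	// signer. This runs after the checks above, so their error precedence is
	// unchanged for existing callers.
	if privateKey == nil {
		return "", errors.New("Must provide a private key.")
	}

	// Validate developer claims before building the token so that a rejected
	// request does no further work.
	if developerClaims != nil {
		for claim := range *developerClaims {
			if isReserved(claim) {
				return "", fmt.Errorf("developer_claims cannot contain a reserved key: %s", claim)
			}
		}
	}

	issuedAt := clock.Now()

	claims := jws.Claims{}
	claims.Set("uid", uid)
	claims.SetIssuer(issuer)
	claims.SetSubject(issuer)
	claims.SetAudience(firebaseAudience)
	claims.SetIssuedAt(issuedAt)
	claims.SetExpiration(issuedAt.Add(time.Hour))
	if developerClaims != nil {
		// Developer-supplied values are nested under "claims", so they cannot
		// replace the top-level claims set above.
		claims.Set("claims", developerClaims)
	}

	token := jws.NewJWT(claims, crypto.SigningMethodRS256)
	signed, err := token.Serialize(privateKey)
	if err != nil {
		return "", err
	}
	return string(signed), nil
}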