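// createJWTToken builds a JWT for the requesting subject and issuer URL using
// the test provider's RSA private key.
//
// Claims always set: "sub", "iat", "exp" (now + tokenttl), "iss" and "aud"
// (testProviderAud). When scopesMap contains "email" an "email" claim derived
// from the subject is added; when it contains "profile" a fixed "nickname"
// claim is added.
//
// If unsignedToken is true the returned token carries the signer's "alg" and
// "kid" in its header but has no signature at all — presumably a deliberately
// invalid token used to check that verifiers reject unsigned tokens (confirm
// against callers); a real provider must never emit one.
//
// Returns an HTTP 500 error when the private key cannot be obtained, or the
// jose error when token construction fails.
func createJWTToken(subject string, issuerUrl string, tokenttl time.Duration, scopesMap map[string]struct{}, unsignedToken bool) (jwt *jose.JWT, err error) {
	// Named "key" rather than "privateKey" so the local does not shadow the
	// privateKey() helper it is obtained from.
	key, err := privateKey()
	if err != nil {
		// The underlying cause is not echoed into the HTTP error (it may
		// describe key material on disk); if it is needed for diagnosis,
		// log it at the call site rather than returning it to the client.
		return nil, base.HTTPErrorf(http.StatusInternalServerError, "Error getting private RSA Key")
	}

	now := time.Now()
	cl := jose.Claims{
		"sub": subject,
		"iat": now.Unix(),
		"exp": now.Add(tokenttl).Unix(),
		"iss": issuerUrl,
		"aud": testProviderAud,
	}
	if _, ok := scopesMap["email"]; ok {
		cl["email"] = subject + "@syncgatewayoidctesting.com"
	}
	if _, ok := scopesMap["profile"]; ok {
		cl["nickname"] = "slim jim"
	}

	signer := jose.NewSignerRSA(testProviderKeyIdentifier, *key)
	if unsignedToken {
		// The header still advertises the RSA algorithm and key ID, but the
		// token body is never signed.
		header := jose.JOSEHeader{
			"alg": signer.Alg(),
			"kid": signer.ID(),
		}
		// Assign through the named result so the error is not shadowed.
		var unsignedJWT jose.JWT
		unsignedJWT, err = jose.NewJWT(header, cl)
		if err != nil {
			return nil, err
		}
		return &unsignedJWT, nil
	}

	jwt, err = jose.NewSignedJWT(cl, signer)
	if err != nil {
		return nil, err
	}
	return jwt, nil
}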
// Signer returns a jose.Signer backed by this key's RSA private key; the
// signer is identified by the key's ID(), which callers place in the token's
// "kid" header.
func (k *PrivateKey) Signer() jose.Signer {
	rsaKey := *k.PrivateKey
	return jose.NewSignerRSA(k.ID(), rsaKey)
}