cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: simplify JWTProfileVerifier interface

Browse source
This commit is contained in:
Livio Amstutz 2021-06-21 14:04:38 +02:00
parent 400f5c4de4
commit 39fef3e7fb
1 changed files with 11 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

16
pkg/op/verifier_jwt_profile.go
View file

@ -13,18 +13,18 @@ import (
type JWTProfileVerifier interface { type JWTProfileVerifier interface {
oidc.Verifier oidc.Verifier
Storage() Storage Storage() jwtProfileKeyStorage
} }
type jwtProfileVerifier struct { type jwtProfileVerifier struct {
storage Storage storage jwtProfileKeyStorage
issuer string issuer string
maxAgeIAT time.Duration maxAgeIAT time.Duration
offset time.Duration offset time.Duration
} }
//NewJWTProfileVerifier creates a oidc.Verifier for JWT Profile assertions (authorization grant and client authentication) //NewJWTProfileVerifier creates a oidc.Verifier for JWT Profile assertions (authorization grant and client authentication)
func NewJWTProfileVerifier(storage Storage, issuer string, maxAgeIAT, offset time.Duration) JWTProfileVerifier { func NewJWTProfileVerifier(storage jwtProfileKeyStorage, issuer string, maxAgeIAT, offset time.Duration) JWTProfileVerifier {
return &jwtProfileVerifier{ return &jwtProfileVerifier{
storage: storage, storage: storage,
issuer: issuer, issuer: issuer,
@ -37,7 +37,7 @@ func (v *jwtProfileVerifier) Issuer() string {
return v.issuer return v.issuer
} }
func (v *jwtProfileVerifier) Storage() Storage { func (v *jwtProfileVerifier) Storage() jwtProfileKeyStorage {
return v.storage return v.storage
} }
@ -84,8 +84,12 @@ func VerifyJWTAssertion(ctx context.Context, assertion string, v JWTProfileVerif
return request, nil return request, nil
} }
type jwtProfileKeyStorage interface {
GetKeyByIDAndUserID(ctx context.Context, keyID, userID string) (*jose.JSONWebKey, error)
}
type jwtProfileKeySet struct { type jwtProfileKeySet struct {
Storage storage jwtProfileKeyStorage
userID string userID string
} }
@ -96,7 +100,7 @@ func (k *jwtProfileKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWe
keyID = sig.Header.KeyID keyID = sig.Header.KeyID
break break
} }
key, err := k.Storage.GetKeyByIDAndUserID(ctx, keyID, k.userID) key, err := k.storage.GetKeyByIDAndUserID(ctx, keyID, k.userID)
if err != nil { if err != nil {
return nil, fmt.Errorf("error fetching keys: %w", err) return nil, fmt.Errorf("error fetching keys: %w", err)
} }