From ef5a8a2e3a1994e51e85244a6bf2ab444882b135 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Sat, 4 Mar 2023 02:00:56 +0200 Subject: [PATCH] op: add example for VerifyAccessToken --- pkg/op/verifier_access_token.go | 2 +- pkg/op/verifier_access_token_example_test.go | 58 ++++++++++++++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 pkg/op/verifier_access_token_example_test.go diff --git a/pkg/op/verifier_access_token.go b/pkg/op/verifier_access_token.go index e5f8299..9a8b912 100644 --- a/pkg/op/verifier_access_token.go +++ b/pkg/op/verifier_access_token.go @@ -65,7 +65,7 @@ func NewAccessTokenVerifier(issuer string, keySet oidc.KeySet, opts ...AccessTok return verifier } -// VerifyAccessToken validates the access token (issuer, signature and expiration) +// VerifyAccessToken validates the access token (issuer, signature and expiration). func VerifyAccessToken[C oidc.Claims](ctx context.Context, token string, v AccessTokenVerifier) (claims C, err error) { var nilClaims C diff --git a/pkg/op/verifier_access_token_example_test.go b/pkg/op/verifier_access_token_example_test.go new file mode 100644 index 0000000..2d986a0 --- /dev/null +++ b/pkg/op/verifier_access_token_example_test.go @@ -0,0 +1,58 @@ +package op_test + +import ( + "context" + "fmt" + + tu "github.com/zitadel/oidc/v2/internal/testutil" + "github.com/zitadel/oidc/v2/pkg/oidc" + "github.com/zitadel/oidc/v2/pkg/op" +) + +// MyCustomClaims extends the TokenClaims base, +// so it implments the oidc.Claims interface. +// Instead of carying a map, we add needed fields +// to the struct for type safe access. +type MyCustomClaims struct { + oidc.TokenClaims + NotBefore oidc.Time `json:"nbf,omitempty"` + CodeHash string `json:"c_hash,omitempty"` + SessionID string `json:"sid,omitempty"` + Scopes []string `json:"scope,omitempty"` + AccessTokenUseNumber int `json:"at_use_nbr,omitempty"` + Foo string `json:"foo,omitempty"` + Bar string `json:"bar,omitempty"` +} + +/* +accessToken caries the following claims. foo and bar are custom claims + + { + "aud": [ + "unit", + "test" + ], + "bar": "world", + "exp": 4802025920, + "foo": "hello", + "iat": 1677888259, + "iss": "local.com", + "jti": "9876", + "nbf": 1677888259, + "sub": "tim@local.com" + } +*/ +const accessToken = `eyJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ.eyJhdWQiOlsidW5pdCIsInRlc3QiXSwiYmFyIjoid29ybGQiLCJleHAiOjQ4MDIwMjU5MjAsImZvbyI6ImhlbGxvIiwiaWF0IjoxNjc3ODg4MjU5LCJpc3MiOiJsb2NhbC5jb20iLCJqdGkiOiI5ODc2IiwibmJmIjoxNjc3ODg4MjU5LCJzdWIiOiJ0aW1AbG9jYWwuY29tIn0.TbKRJnfyfn1PTC46VVXqqiKZl4gVmRPdQy8dxXvMtp1SAeMU4gSuu2qb-bNlVgFqQ5YqvveKH4mswcUf7DrqPx79roBEY1VZ6R0e10beZBg0UZ0XaBf9V9YJGTRQNEuETRjl6kMwVav4oyP8ZW74-AOrgSql7vxCX3FDRTRxt_7oeFRz2YzugFdHPOqQo4IHudQNMN9WD9b3QgoKDyj0BGxAQ9WpDE5N7WKIf6fXipSXJBQmf22QazXFZcUOGfKdhFYZ9eSlZQRDFJTguEtKwzk7wcxt6aJBsU-AEha2SucRXe3j7J56hAEsN5gC5i9edSdr8ebzrhnnLJ1t-PafhQ` + +func ExampleVerifyAccessToken_customClaims() { + v := op.NewAccessTokenVerifier("local.com", tu.KeySet{}) + + // Now VerifyAccessToken can be called with the *MyCustomClaims type to provide + // type safe access to all the Claims. + claims, err := op.VerifyAccessToken[*MyCustomClaims](context.TODO(), accessToken, v) + if err != nil { + panic(err) + } + fmt.Println(claims.Foo, claims.Bar) + // Output: hello world +}