package oidc
import (
"context"
"gopkg.in/square/go-jose.v2"
)
// KeySet is a set of public JSON Web Keys that can be used to validate the signature
// of JSON web tokens. This is expected to be backed by a remote key set through
// provider metadata discovery or an in-memory set of keys delivered out-of-band.
type KeySet interface {
	// VerifySignature parses the JSON web token, verifies the signature, and returns
	// the raw payload. Header and claim fields are validated by other parts of the
	// package. For example, the KeySet does not need to check values such as signature
	// algorithm, issuer, and audience since the IDTokenVerifier validates these values
	// independently.
	//
	// Implementations must return a non-nil error whenever the signature cannot be
	// verified against a key in the set; the returned payload is only meaningful
	// when err is nil.
	//
	// If VerifySignature makes HTTP requests to verify the token, it's expected to
	// use any HTTP client associated with the context through ClientContext.
	VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) (payload []byte, err error)
}
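// CheckKey verifies jws against the candidate keys in keys. A key is a
// candidate when keyID is empty (every key in the set is then tried) or when
// its KeyID equals keyID. Candidates are tried in order until one verifies
// the signature.
//
// On success it returns the verified payload, a nil error and found == true.
// If at least one candidate was tried but none verified the signature, it
// returns a nil payload, the last verification error and found == true. If no
// key in the set matched keyID, it returns (nil, nil, false) so the caller can
// tell an unknown key ID apart from a signature that failed under a known key.
//
// Only the signature is checked here; the signing algorithm, issuer and
// audience are validated elsewhere in the package. Because an empty keyID
// makes every key a candidate, callers should pass only keys trusted for the
// token's issuer.
func CheckKey(keyID string, jws *jose.JSONWebSignature, keys ...jose.JSONWebKey) ([]byte, error, bool) {
	var (
		found   bool
		lastErr error
	)
	for i := range keys {
		key := keys[i]
		if keyID != "" && key.KeyID != keyID {
			continue
		}
		found = true
		payload, err := jws.Verify(&key)
		if err == nil {
			return payload, nil, true
		}
		// Keep going rather than returning the first failure: a key set can
		// hold several keys that match (all of them when keyID is empty, or
		// duplicates of one kid during rotation), and only one of them signed
		// this token.
		lastErr = err
	}
	if !found {
		return nil, nil, false
	}
	return nil, lastErr, true
}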