This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

Server: refactor token verification to use the full verify library #8

Open
muhlemmer opened this issue Jan 3, 2020 · 0 comments

@muhlemmer
Contributor

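// checkJWT authenticates a compact-serialized JWT and returns its claims.
//
// The steps are: reject an empty token, parse the header to obtain the key ID,
// look the key up with rt.findJWTKey, verify the EdDSA signature, and check the
// claims with claims.Valid against the time passed in valid.
//
// Failures are returned as gRPC status errors: InvalidArgument for an empty
// token; Unauthenticated for an unparsable header, a failed signature check or
// claims that do not pass claims.Valid(valid). An error from rt.findJWTKey is
// returned unchanged.
//
// NOTE(review): only the signature and the time-based validity are checked in
// this block; issuer/audience checks, if required, are not visible here —
// confirm where they are enforced.
func (rt *requestTx) checkJWT(token string, valid time.Time) (*jwt.Claims, error) {
	// A JWT is a bearer credential. Attach only its length to log entries:
	// writing the raw value would hand a replayable token to anyone who can
	// read the logs (a rejected token here may still be accepted elsewhere).
	log := rt.log.WithField("token_len", len(token))

	if token == "" {
		log.WithError(errors.New(errMissingToken)).Warn("checkJWT")
		return nil, status.Error(codes.InvalidArgument, errMissingToken)
	}

	// The key ID comes from the unverified header; it only selects which
	// key to try and carries no trust until the signature check passes.
	kid, err := verify.ParseJWTHeader(token)
	if err != nil {
		// Label names the function that actually failed.
		log.WithError(err).Warn("verify.ParseJWTHeader()")
		return nil, status.Error(codes.Unauthenticated, "Invalid token header")
	}

	key, err := rt.findJWTKey(kid)
	if err != nil {
		return nil, err
	}

	claims, err := jwt.EdDSACheck([]byte(token), []byte(key))
	if err != nil {
		log.WithError(err).Warn("jwt.EdDSACheck()")
		return nil, status.Error(codes.Unauthenticated, "EdDSA verification failed")
	}

	if !claims.Valid(valid) {
		// Distinct label so that time-validity failures are not counted as
		// signature failures when logs are reviewed or alerted on.
		log.WithError(errors.New(errExpiredToken)).Warn("claims.Valid()")
		return nil, status.Error(codes.Unauthenticated, errExpiredToken)
	}

	return claims, nil
}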

@muhlemmer muhlemmer added this to the v0.2 milestone Jan 3, 2020