summaryrefslogtreecommitdiff
path: root/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go')
-rw-r--r--vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go22
1 files changed, 16 insertions, 6 deletions
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
index 57c2950f0..10021812b 100644
--- a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
@@ -8,18 +8,18 @@ import (
"code.superseriousbusiness.org/oauth2/v4"
"code.superseriousbusiness.org/oauth2/v4/errors"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v5"
"github.com/google/uuid"
)
// JWTAccessClaims jwt claims
type JWTAccessClaims struct {
- jwt.StandardClaims
+ jwt.RegisteredClaims
}
// Valid claims verification
func (a *JWTAccessClaims) Valid() error {
- if time.Unix(a.ExpiresAt, 0).Before(time.Now()) {
+ if a.ExpiresAt != nil && time.Unix(a.ExpiresAt.Unix(), 0).Before(time.Now()) {
return errors.ErrInvalidAccessToken
}
return nil
@@ -44,10 +44,10 @@ type JWTAccessGenerate struct {
// Token based on the UUID generated token
func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
claims := &JWTAccessClaims{
- StandardClaims: jwt.StandardClaims{
- Audience: data.Client.GetID(),
+ RegisteredClaims: jwt.RegisteredClaims{
+ Audience: jwt.ClaimStrings{data.Client.GetID()},
Subject: data.UserID,
- ExpiresAt: data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn()).Unix(),
+ ExpiresAt: jwt.NewNumericDate(data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn())),
},
}
@@ -70,6 +70,12 @@ func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasi
key = v
} else if a.isHs() {
key = a.SignedKey
+ } else if a.isEd() {
+ v, err := jwt.ParseEdPrivateKeyFromPEM(a.SignedKey)
+ if err != nil {
+ return "", "", err
+ }
+ key = v
} else {
return "", "", errors.New("unsupported sign method")
}
@@ -102,3 +108,7 @@ func (a *JWTAccessGenerate) isRsOrPS() bool {
func (a *JWTAccessGenerate) isHs() bool {
return strings.HasPrefix(a.SignedMethod.Alg(), "HS")
}
+
+func (a *JWTAccessGenerate) isEd() bool {
+ return strings.HasPrefix(a.SignedMethod.Alg(), "Ed")
+}
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-03 11:23:43 +0000