CreateAccessToken util to create JWT token, based on user information, roles config and CUSTOM_ACCESS_TOKEN_SCRIPT
(cfg *AuthTokenConfig)
| 224 | // CreateAccessToken util to create JWT token, based on |
| 225 | // user information, roles config and CUSTOM_ACCESS_TOKEN_SCRIPT |
| 226 | func (p *provider) CreateAccessToken(cfg *AuthTokenConfig) (string, int64, error) { |
| 227 | expiryBound, err := utils.ParseDurationInSeconds(cfg.ExpireTime) |
| 228 | if err != nil { |
| 229 | expiryBound = time.Minute * 30 |
| 230 | } |
| 231 | expiresAt := time.Now().Add(expiryBound).Unix() |
| 232 | customClaims := jwt.MapClaims{ |
| 233 | "iss": cfg.HostName, |
| 234 | "aud": p.config.ClientID, |
| 235 | "nonce": cfg.Nonce, |
| 236 | "sub": cfg.User.ID, |
| 237 | "exp": expiresAt, |
| 238 | "iat": time.Now().Unix(), |
| 239 | "token_type": constants.TokenTypeAccessToken, |
| 240 | "scope": cfg.Scope, |
| 241 | "roles": cfg.Roles, |
| 242 | "login_method": cfg.LoginMethod, |
| 243 | "allowed_roles": strings.Split(cfg.User.Roles, ","), |
| 244 | } |
| 245 | // check for the extra access token script |
| 246 | if p.config.CustomAccessTokenScript != "" { |
| 247 | resUser := cfg.User.AsAPIUser() |
| 248 | userBytes, _ := json.Marshal(&resUser) |
| 249 | var userMap map[string]interface{} |
| 250 | _ = json.Unmarshal(userBytes, &userMap) |
| 251 | p.runCustomAccessTokenScript(userBytes, customClaims) |
| 252 | } |
| 253 | token, err := p.SignJWTToken(customClaims) |
| 254 | if err != nil { |
| 255 | return "", 0, err |
| 256 | } |
| 257 | |
| 258 | return token, expiresAt, nil |
| 259 | } |
| 260 | |
| 261 | // GetAccessToken returns the access token from the request (either from header or cookie) |
| 262 | func (p *provider) GetAccessToken(gc *gin.Context) (string, error) { |
no test coverage detected