getAccessJwt constructs an access jwt with the given user id, groupIds, namespace and expiration TTL specified by worker.Config.AccessJwtTtl
(userId string, groups []acl.Group, namespace uint64)
| 241 | // getAccessJwt constructs an access jwt with the given user id, groupIds, namespace |
| 242 | // and expiration TTL specified by worker.Config.AccessJwtTtl |
| 243 | func getAccessJwt(userId string, groups []acl.Group, namespace uint64) (string, error) { |
| 244 | token := jwt.NewWithClaims(worker.Config.AclJwtAlg, jwt.MapClaims{ |
| 245 | "userid": userId, |
| 246 | "groups": acl.GetGroupIDs(groups), |
| 247 | "namespace": namespace, |
| 248 | // set the jwt exp according to the ttl |
| 249 | "exp": time.Now().Add(worker.Config.AccessJwtTtl).Unix(), |
| 250 | }) |
| 251 | |
| 252 | jwtString, err := token.SignedString(x.MaybeKeyToBytes(worker.Config.AclSecretKey)) |
| 253 | if err != nil { |
| 254 | return "", errors.Errorf("unable to encode jwt to string: %v", err) |
| 255 | } |
| 256 | return jwtString, nil |
| 257 | } |
| 258 | |
| 259 | // getRefreshJwt constructs a refresh jwt with the given user id, namespace and expiration ttl |
| 260 | // specified by worker.Config.RefreshJwtTtl |