NewVPJWT issues a signed Vouch Proxy JWT for a user.
(u structs.User, customClaims structs.CustomClaims, ptokens structs.PTokens)
| 76 | |
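// NewVPJWT issues a signed Vouch Proxy JWT for a user.
//
// The token carries the username, the configured custom claims and, only
// when the corresponding response header is configured, the provider
// access token and ID token. It expires cfg.Cfg.JWT.MaxAge minutes from
// now, is signed with cfg.SigningKey() using cfg.Cfg.JWT.SigningMethod,
// and is compressed/re-encoded when cfg.Cfg.JWT.Compress is set.
//
// It returns an error when the signing method name is not registered with
// the jwt library, when the signing key cannot be loaded, when signing
// yields an error or an empty string, or when compression fails. It never
// returns a token produced after a key-load failure.
func NewVPJWT(u structs.User, customClaims structs.CustomClaims, ptokens structs.PTokens) (string, error) {
	// User`token`
	// u.PrepareUserData()
	claims := VouchClaims{
		u.Username,
		customClaims.Claims,
		ptokens.PAccessToken,
		ptokens.PIdToken,
		RegisteredClaims,
	}

	claims.Audience = aud
	claims.ExpiresAt = jwt.NewNumericDate(time.Now().Add(time.Minute * time.Duration(cfg.Cfg.JWT.MaxAge)))

	// Only embed the provider tokens when they will actually be forwarded as
	// headers; otherwise they are sensitive payload carried for no reason.
	// https://github.com/vouch/vouch-proxy/issues/287
	if cfg.Cfg.Headers.AccessToken == "" {
		claims.PAccessToken = ""
	}

	if cfg.Cfg.Headers.IDToken == "" {
		claims.PIdToken = ""
	}

	// GetSigningMethod returns nil for a name that is not registered; a nil
	// method handed to NewWithClaims would only surface as a nil-pointer panic
	// inside SignedString, so reject it here with a usable error instead.
	method := jwt.GetSigningMethod(cfg.Cfg.JWT.SigningMethod)
	if method == nil {
		return "", fmt.Errorf("new JWT: unknown signing method %q", cfg.Cfg.JWT.SigningMethod)
	}

	// https://godoc.org/github.com/golang-jwt/jwt#NewWithClaims
	token := jwt.NewWithClaims(method, claims)
	// Deliberately never log the token itself; only its expiry.
	log.Debugf("token created, expires: %d diff from now: %d", claims.RegisteredClaims.ExpiresAt.Unix(), claims.RegisteredClaims.ExpiresAt.Unix()-time.Now().Unix())

	// A key-load failure must abort issuance rather than be logged and
	// ignored: continuing would hand a nil/zero key to SignedString, which
	// depending on method and library version either panics, errors, or
	// signs under a degenerate key. Returning the error lets the caller
	// decide how to surface it.
	key, err := cfg.SigningKey()
	if err != nil {
		return "", fmt.Errorf("new JWT: signing key: %w", err)
	}

	ss, err := token.SignedString(key)
	if err != nil {
		return "", fmt.Errorf("new JWT: signed token error: %w", err)
	}
	if ss == "" {
		return "", fmt.Errorf("new JWT: signed token is empty")
	}

	if cfg.Cfg.JWT.Compress {
		ss, err = compressAndEncodeTokenString(ss)
		if err != nil {
			return "", fmt.Errorf("new JWT: compressed token error: %w", err)
		}
		if ss == "" {
			return "", fmt.Errorf("new JWT: compressed token is empty")
		}
	}
	return ss, nil
}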
| 123 | |
| 124 | // TODO: is this dead code? |
| 125 | // SiteInToken searches does the token contain the site? |