
Function NewVPJWT

pkg/jwtmanager/jwtmanager.go:78–122  ·  view source on GitHub ↗

NewVPJWT issues a signed Vouch Proxy JWT for a user.

(u structs.User, customClaims structs.CustomClaims, ptokens structs.PTokens)

Source from the content-addressed store, hash-verified

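// NewVPJWT issues a signed Vouch Proxy JWT for the user u.
//
// The claims carry u.Username, customClaims.Claims and the two provider
// tokens from ptokens. Each provider token is kept only when the matching
// header (cfg.Cfg.Headers.AccessToken / cfg.Cfg.Headers.IDToken) is
// configured. The token expires cfg.Cfg.JWT.MaxAge minutes from now and is
// signed with the configured signing method and the key returned by
// cfg.SigningKey. When cfg.Cfg.JWT.Compress is set, the signed string is
// passed through compressAndEncodeTokenString before it is returned.
//
// It returns an empty string and a non-nil error when the signing method is
// not registered, when the signing key cannot be loaded, or when signing or
// compression fails or produces an empty string.
func NewVPJWT(u structs.User, customClaims structs.CustomClaims, ptokens structs.PTokens) (string, error) {
	// Positional literal: the order must match the VouchClaims field order.
	claims := VouchClaims{
		u.Username,
		customClaims.Claims,
		ptokens.PAccessToken,
		ptokens.PIdToken,
		RegisteredClaims,
	}

	claims.Audience = aud
	claims.ExpiresAt = jwt.NewNumericDate(time.Now().Add(time.Minute * time.Duration(cfg.Cfg.JWT.MaxAge)))

	// https://github.com/vouch/vouch-proxy/issues/287
	// Do not embed a provider token in the JWT unless a header is configured
	// to pass it on; this keeps unneeded credentials out of the token.
	if cfg.Cfg.Headers.AccessToken == "" {
		claims.PAccessToken = ""
	}
	if cfg.Cfg.Headers.IDToken == "" {
		claims.PIdToken = ""
	}

	// https://godoc.org/github.com/golang-jwt/jwt#NewWithClaims
	// GetSigningMethod returns nil for an unregistered algorithm name, and
	// NewWithClaims would then dereference it, so reject that case here.
	method := jwt.GetSigningMethod(cfg.Cfg.JWT.SigningMethod)
	if method == nil {
		return "", fmt.Errorf("new JWT: unknown signing method %q", cfg.Cfg.JWT.SigningMethod)
	}
	token := jwt.NewWithClaims(method, claims)

	// Log only the expiry, never the token or its claims: the claims may
	// hold the provider access and ID tokens.
	expires := claims.RegisteredClaims.ExpiresAt.Unix()
	log.Debugf("token created, expires: %d diff from now: %d", expires, expires-time.Now().Unix())

	// A failed key load must stop issuance. Continuing would sign with
	// whatever value accompanied the error, possibly an empty key.
	key, err := cfg.SigningKey()
	if err != nil {
		return "", fmt.Errorf("new JWT: signing key error: %w", err)
	}

	ss, err := token.SignedString(key)
	if err != nil {
		return "", fmt.Errorf("new JWT: signed token error: %w", err)
	}
	if ss == "" {
		return "", fmt.Errorf("new JWT: signed token error: empty token")
	}

	if cfg.Cfg.JWT.Compress {
		ss, err = compressAndEncodeTokenString(ss)
		if err != nil {
			return "", fmt.Errorf("new JWT: compressed token error: %w", err)
		}
		if ss == "" {
			return "", fmt.Errorf("new JWT: compressed token error: empty token")
		}
	}
	return ss, nil
}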
// TODO: is this dead code?
// SiteInToken checks whether the token contains the site.

Callers 9

TestParsedIdPTokensFunction · 0.92
AuthStateHandlerFunction · 0.92
TestJWTCacheHandlerFunction · 0.92
TestClaimsHMACFunction · 0.85
TestClaimsFunction · 0.85

Calls 2

SigningKeyFunction · 0.92

Tested by 8

TestParsedIdPTokensFunction · 0.74
TestJWTCacheHandlerFunction · 0.74
TestClaimsHMACFunction · 0.68
TestClaimsFunction · 0.68