package keycloak
import (
"fmt"
"time"
"github.com/SermoDigital/jose/jws"
"github.com/SermoDigital/jose/jwt"
)
// TokenClass names one of the token strings carried by TokenMetadata.
// ParseJWT uses it to choose which field to parse.
type TokenClass string

// The token classes that ParseJWT accepts. Each value equals the JSON key of
// the matching TokenMetadata field.
const (
	// AccessTokenClass selects TokenMetadata.AccessToken.
	AccessTokenClass TokenClass = "access_token"
	// RefreshTokenClass selects TokenMetadata.RefreshToken.
	RefreshTokenClass TokenClass = "refresh_token"
	// IdTokenClass selects TokenMetadata.IdToken.
	IdTokenClass TokenClass = "id_token"
)
// TokenMetadata is the JSON-decodable token set identified by the struct tags
// below (presumably the Keycloak token-endpoint response; confirm against the
// caller that fills it).
//
// AccessToken, RefreshToken and IdToken hold the raw token strings, which are
// bearer credentials: keep values of this type out of logs, error messages
// and any persistent store that is not meant to hold secrets.
type TokenMetadata struct {
	// Raw access token; parsed by ParseJWT(AccessTokenClass).
	AccessToken string `json:"access_token"`
	// Raw refresh token; parsed by ParseJWT(RefreshTokenClass).
	RefreshToken string `json:"refresh_token"`
	// Token type as reported in the JSON payload.
	TokenType string `json:"token_type"`
	// Access-token lifetime as reported in the payload (presumably seconds,
	// following the OAuth 2.0 expires_in convention; confirm).
	ExpiresIn int `json:"expires_in"`
	// Refresh-token lifetime as reported in the payload (same unit
	// assumption as ExpiresIn).
	RefreshExpiresIn int `json:"refresh_expires_in"`
	// Raw ID token; parsed by ParseJWT(IdTokenClass).
	IdToken string `json:"id_token"`
	// Note the hyphenated JSON key, unlike the snake_case keys above.
	NotBeforePolicy int `json:"not-before-policy"`
	// Session identifier as reported in the payload.
	SessionState string `json:"session_state"`
}
// ParseJWT decodes the token string selected by tokenClass into a jwt.JWT.
//
// It returns an error for a tokenClass other than AccessTokenClass,
// RefreshTokenClass or IdTokenClass; otherwise it returns whatever
// jws.ParseJWT returns for the selected field.
//
// Security note: only the token bytes are handed to jws.ParseJWT. No key or
// signing method is supplied here, so nothing in this method can verify the
// signature. Treat the returned claims as unauthenticated until the caller
// has validated the token against the issuer's key.
func (tk *TokenMetadata) ParseJWT(tokenClass TokenClass) (j jwt.JWT, err error) {
	var raw string
	switch tokenClass {
	case AccessTokenClass:
		raw = tk.AccessToken
	case RefreshTokenClass:
		raw = tk.RefreshToken
	case IdTokenClass:
		raw = tk.IdToken
	default:
		// Unknown class: fail without touching any token field.
		return nil, fmt.Errorf("Invalid token class: %s", tokenClass)
	}
	return jws.ParseJWT([]byte(raw))
}
// IsExpired reports whether the token selected by tokenClass expires within
// the next bufSec seconds, or has already expired.
//
// bufSec is multiplied by time.Second below, so callers pass a plain count of
// seconds (for example 30), not a ready-made duration. A value such as
// 30*time.Second would be scaled a second time and overflow.
//
// The method fails closed: when the token cannot be parsed, the class is
// unknown, or the claims carry no expiration, it returns true together with a
// generic error. The underlying parse error is not propagated.
//
// Security note: the expiry is read from claims produced by ParseJWT, which
// does not verify the signature. Use the result as a hint for when to
// refresh, not as evidence that a token is valid.
func (tk *TokenMetadata) IsExpired(tokenClass TokenClass, bufSec time.Duration) (bool, error) {
	parsed, parseErr := tk.ParseJWT(tokenClass)
	if parseErr != nil {
		return true, fmt.Errorf("the token is invalid")
	}

	expiry, hasExpiry := parsed.Claims().Expiration()
	if !hasExpiry {
		return true, fmt.Errorf("the token is invalid")
	}

	// Pull the deadline earlier by the safety buffer before comparing to now.
	deadline := expiry.Add(-bufSec * time.Second)
	return deadline.Before(time.Now()), nil
}