Authn: Add common wrappers for identity and access tokens #25
Also validate that the token is of correct type
Co-authored-by: Victor Cinaglia <victorcinaglia@gmail.com>
@cinaglia I refactored it quite a lot, now they are truly just convenient wrappers for access token and id token. They instead return expected claims, so not doing anything with the audience. I also moved the type to creation. I was thinking of adding it to config first but not sure it is needed from there. The annoying thing will be to sync these claims when we do changes. But the alternative would be that everyone that uses Verifier directly would have to do it themselves. If these wrappers are used it would be done by upgrading the package.
@@ -7,12 +7,12 @@ import ( | |||
"github.com/go-jose/go-jose/v3/jwt" | |||
) | |||
|
|||
type IDVerifierConfig struct { | |||
type VerifierConfig struct { |
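Review bot: the rename at `type IDVerifierConfig struct {` to `type VerifierConfig struct {` changes an exported identifier, so every caller that still references `IDVerifierConfig` stops compiling on upgrade. Consider keeping `type IDVerifierConfig = VerifierConfig` with a deprecation comment for one release, and add a doc comment on `VerifierConfig` stating which token types it is meant to configure, since the new name no longer says so.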
This is not really IDVerifierConfig, we can use this for other things like access tokens
Looks great!
This adds two wrappers around verifier with common use-cases we have.
One wrapper for extracting and validating grafana id tokens and one for access tokens. I also break the api on verify to include the expected typ of the token. We use `at+jwt` for access tokens and `jwt` for id tokens.
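The expected-`typ` check described above, as an added example that is not code from this PR or the package it changes: it uses only the Go standard library to show why pinning the type stops an id token from being accepted where an access token is required. `CheckTokenType`, `ErrWrongType` and `fakeToken` are hypothetical names, the sample tokens are constructed and unsigned, and the case-insensitive comparison with an optional `application/` prefix is an assumption based on RFC 7515, not confirmed behaviour of the project.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

const (
	TypeAccessToken = "at+jwt" // typ the PR description gives for access tokens
	TypeIDToken     = "jwt"    // typ the PR description gives for id tokens
)

var ErrWrongType = errors.New("unexpected token typ")

// CheckTokenType (hypothetical helper) decodes the protected header of a compact
// JWS and compares "typ" with the expected type. It does NOT verify the signature.
func CheckTokenType(raw, expected string) error {
	parts := strings.Split(raw, ".")
	if len(parts) != 3 {
		return errors.New("not a compact JWS")
	}
	hdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return fmt.Errorf("decode header: %w", err)
	}
	var h struct{ Typ string `json:"typ"` }
	if err := json.Unmarshal(hdr, &h); err != nil {
		return fmt.Errorf("parse header: %w", err)
	}
	// Assumption (RFC 7515): media types compare case-insensitively and the
	// "application/" prefix may be omitted. A missing typ never matches.
	got := strings.TrimPrefix(strings.ToLower(h.Typ), "application/")
	if got != expected {
		return fmt.Errorf("%w: got %q, want %q", ErrWrongType, h.Typ, expected)
	}
	return nil
}

// fakeToken builds a constructed, unsigned sample token with the given typ.
func fakeToken(typ string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": typ})
	return base64.RawURLEncoding.EncodeToString(hdr) + ".e30.c2ln"
}

func main() {
	fmt.Println(CheckTokenType(fakeToken("jwt"), TypeAccessToken))
}
```

The type check is one step only: it must run together with signature and claim validation, because the header is attacker-controlled until the signature has been verified.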