50 lines
1.2 KiB
Go
50 lines
1.2 KiB
Go
/*
|
|
Copyright (c) 2020 Stefan Kürzeder <info@stivik.de>
|
|
This code is licensed under MIT license (see LICENSE for details)
|
|
*/
|
|
package forwardauth
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
|
|
"golang.org/x/oauth2"
|
|
)
|
|
|
|
func (fw *ForwardAuth) VerifyToken(ctx context.Context, oauth2Token *oauth2.Token) (AuthenticatationResult, error) {
|
|
var result AuthenticatationResult
|
|
|
|
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
|
|
if !ok {
|
|
return result, errors.New("No id_token field in oauth2 token")
|
|
}
|
|
|
|
idToken, err := fw.OidcVefifier.Verify(ctx, rawIDToken)
|
|
if err != nil {
|
|
return result, err
|
|
}
|
|
|
|
result = AuthenticatationResult{rawIDToken, oauth2Token.RefreshToken, new(Claims)}
|
|
if err := idToken.Claims(&result.IDTokenClaims); err != nil {
|
|
return result, err
|
|
}
|
|
|
|
return result, nil
|
|
}
|
|
|
|
func (fw *ForwardAuth) RefreshToken(ctx context.Context, refreshToken string) (*AuthenticatationResult, error) {
|
|
var result AuthenticatationResult
|
|
|
|
tokenSource := fw.OAuth2Config.TokenSource(ctx, &oauth2.Token{RefreshToken: refreshToken})
|
|
oauth2Token, err := tokenSource.Token()
|
|
if err != nil {
|
|
return &result, err
|
|
}
|
|
|
|
result, err = fw.VerifyToken(ctx, oauth2Token)
|
|
if err != nil {
|
|
return &result, err
|
|
}
|
|
|
|
return &result, nil
|
|
}
|