daniel
/
distribution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update create token to auth/token types 

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
master
Derek McGowan 2016-01-25 20:12:07 -08:00
parent fd17443988
commit 08d1f035f0
1 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
contrib/token-server/token.go
View File

@ -61,7 +61,7 @@ type TokenIssuer struct {
Expiration time.Duration Expiration time.Duration
} }
// CreateJWT creates and signs a JSON Web Token for the given account and // CreateJWT creates and signs a JSON Web Token for the given subject and
// audience with the granted access. // audience with the granted access.
func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAccessList []auth.Access) (string, error) { func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAccessList []auth.Access) (string, error) {
// Make a set of access entries to put in the token's claimset. // Make a set of access entries to put in the token's claimset.
@ -75,14 +75,14 @@ func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAcc
actionSet[access.Action] = struct{}{} actionSet[access.Action] = struct{}{}
} }
accessEntries := make([]token.ResourceActions, 0, len(resourceActionSets)) accessEntries := make([]*token.ResourceActions, 0, len(resourceActionSets))
for resource, actionSet := range resourceActionSets { for resource, actionSet := range resourceActionSets {
actions := make([]string, 0, len(actionSet)) actions := make([]string, 0, len(actionSet))
for action := range actionSet { for action := range actionSet {
actions = append(actions, action) actions = append(actions, action)
} }
accessEntries = append(accessEntries, token.ResourceActions{ accessEntries = append(accessEntries, &token.ResourceActions{
Type: resource.Type, Type: resource.Type,
Name: resource.Name, Name: resource.Name,
Actions: actions, Actions: actions,
@ -109,15 +109,20 @@ func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAcc
panic(fmt.Errorf("unsupported signing key type %q", issuer.SigningKey.KeyType())) panic(fmt.Errorf("unsupported signing key type %q", issuer.SigningKey.KeyType()))
} }
joseHeader := map[string]interface{}{ joseHeader := token.Header{
"typ": "JWT", Type: "JWT",
"alg": alg, SigningAlg: alg,
} }
if x5c := issuer.SigningKey.GetExtendedField("x5c"); x5c != nil { if x5c := issuer.SigningKey.GetExtendedField("x5c"); x5c != nil {
joseHeader["x5c"] = x5c joseHeader.X5c = x5c.([]string)
} else { } else {
joseHeader["jwk"] = issuer.SigningKey.PublicKey() var jwkMessage json.RawMessage
jwkMessage, err = issuer.SigningKey.PublicKey().MarshalJSON()
if err != nil {
return "", err
}
joseHeader.RawJWK = &jwkMessage
} }
exp := issuer.Expiration exp := issuer.Expiration
@ -125,16 +130,16 @@ func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAcc
exp = 5 * time.Minute exp = 5 * time.Minute
} }
claimSet := map[string]interface{}{ claimSet := token.ClaimSet{
"iss": issuer.Issuer, Issuer: issuer.Issuer,
"sub": subject, Subject: subject,
"aud": audience, Audience: audience,
"exp": now.Add(exp).Unix(), Expiration: now.Add(exp).Unix(),
"nbf": now.Unix(), NotBefore: now.Unix(),
"iat": now.Unix(), IssuedAt: now.Unix(),
"jti": randomID, JWTID: randomID,
"access": accessEntries, Access: accessEntries,
} }
var ( var (