package authz
import (
"encoding/base64"
"encoding/json"
"errors"
"strings"
)
// CustomClaims holds the profile and group-membership claims read from an ID
// token payload in addition to the registered claims.
//
// Every field is copied from the token as-is. NewIDToken in this file decodes
// the payload without checking the signature, so treat these values
// (Groups in particular) as untrusted input until the token has been verified.
type CustomClaims struct {
	// Display and contact attributes of the subject.
	Name       string `json:"name"`
	Nickname   string `json:"nickname"`
	Email      string `json:"email"`
	ProfileURL string `json:"profile"`
	Picture    string `json:"picture"`

	// Groups is populated from the "groups_direct" claim.
	Groups []string `json:"groups_direct"`
}
// IDToken is the decoded payload of an ID token: the registered claims, the
// claim-source indirection maps, and the embedded CustomClaims.
//
// The struct only carries what the payload said. Nothing in this type checks
// the issuer, audience, validity window or nonce.
type IDToken struct {
	Issuer  string `json:"iss"`
	Subject string `json:"sub"`

	// These four are typed any, so encoding/json keeps whatever JSON value the
	// token carried (a number decodes to float64, a string to string, an array
	// to []any). Callers have to type-check them before comparing.
	Audience  any `json:"aud"`
	Expiry    any `json:"exp"`
	IssuedAt  any `json:"iat"`
	NotBefore any `json:"nbf"`

	Nonce  string `json:"nonce"`
	AtHash string `json:"at_hash"`

	// ClaimNames and ClaimSources are read from "_claim_names" and
	// "_claim_sources". ClaimSources values may carry an endpoint and an
	// access token; see ClaimSource.
	ClaimNames   map[string]string      `json:"_claim_names"`
	ClaimSources map[string]ClaimSource `json:"_claim_sources"`

	// Embedded, so its JSON fields are decoded from the same payload object.
	CustomClaims
}
// ClaimSource is one entry of the "_claim_sources" map of an ID token.
//
// Both fields come straight from the token payload. AccessToken is a
// credential and should be kept out of logs and error messages. Endpoint is
// token-supplied, so it should only be contacted after the token has been
// verified.
type ClaimSource struct {
	// Endpoint is read from the "endpoint" member.
	Endpoint string `json:"endpoint"`
	// AccessToken is read from the "access_token" member.
	AccessToken string `json:"access_token"`
}
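// NewIDToken decodes the claims of a compact-serialized token into an IDToken.
//
// raw must consist of exactly three dot-separated segments
// (header.payload.signature). Only the payload segment is read: it is decoded
// as unpadded base64url and then unmarshalled as JSON.
//
// NewIDToken performs no validation. The header and signature segments are
// never inspected, and iss, aud, exp, nbf and nonce are stored as received.
// The result must not drive an authentication or authorization decision
// unless the caller has verified raw against the issuer's keys and checked
// those claims itself.
//
// It returns an error when raw does not have three segments, when the payload
// is not valid base64url, or when the payload is not valid JSON for IDToken.
func NewIDToken(raw string) (*IDToken, error) {
	// A compact token has exactly two separators. Splitting with a limit of
	// three folds any extra segments into the last part, which would let a
	// malformed token through, so the separators are counted first.
	if strings.Count(raw, ".") != 2 {
		return nil, errors.New("Invalid token")
	}
	payload := strings.Split(raw, ".")[1]

	claims, err := base64.RawURLEncoding.DecodeString(payload)
	if err != nil {
		return nil, err
	}

	var token IDToken
	if err := json.Unmarshal(claims, &token); err != nil {
		return nil, err
	}
	return &token, nil
}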