package jwt
import (
"github.com/golang-jwt/jwt"
"github.com/pkg/errors"
)
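// DefaultKeyFunc returns a jwt.Keyfunc that selects the verification key for a
// token from its "kid" header.
//
// key is the active key; deprecatedKeys maps key identifiers to retired keys
// that are still accepted (a nil map is fine). The returned function yields
// the Public field of the matching Key, or an error when the signing method is
// not RS256, the "kid" header is missing or not a string, or no key matches.
//
// The "kid" header is read before the signature has been checked, so it is
// treated as untrusted input throughout.
func DefaultKeyFunc(key Key, deprecatedKeys map[string]Key) jwt.Keyfunc {
	return func(token *jwt.Token) (interface{}, error) {
		// Guard against a direct call with an incomplete token; without it the
		// Alg() call below would dereference nil.
		if token == nil || token.Method == nil {
			return nil, errors.New("missing jwt signing method")
		}

		// Pin the algorithm: the keys handed out below are only ever offered
		// for RS256 verification, whatever "alg" the token header announces.
		if alg := token.Method.Alg(); alg != jwt.SigningMethodRS256.Name {
			return nil, errors.New("unexpected jwt signing method: " + alg)
		}

		rawKid, ok := token.Header["kid"]
		if !ok {
			return nil, errors.New("missing key identifier")
		}
		kid, ok := rawKid.(string)
		if !ok {
			return nil, errors.New("invalid key identifier type")
		}

		// NOTE(review): deprecatedKeys is consulted first, so an entry whose
		// identifier equals key.ID shadows the active key. Confirm callers
		// never register the active identifier as deprecated.
		if oldKey, ok := deprecatedKeys[kid]; ok {
			return oldKey.Public, nil
		}
		if kid == key.ID {
			return key.Public, nil
		}

		// kid is attacker-controlled; %q escapes control characters so the
		// value cannot break up or forge lines when this error is logged.
		return nil, errors.Errorf("unknown key identifier: %q (%q)", kid, key.ID)
	}
}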