go-micro/plugins/auth/jwt/token/jwt.go

package token

import (
	"encoding/base64"
	"time"

	"github.com/dgrijalva/jwt-go"
	"go-micro.dev/v4/auth"
)

// authClaims to be encoded in the JWT
type authClaims struct {
	Type     string            `json:"type"`
	Scopes   []string          `json:"scopes"`
	Metadata map[string]string `json:"metadata"`

	jwt.StandardClaims
}

// JWT implementation of token provider
type JWT struct {
	opts Options
}

// New returns an initialized basic provider
func New(opts ...Option) Provider {
	return &JWT{
		opts: NewOptions(opts...),
	}
}

// Generate a new JWT
func (j *JWT) Generate(acc *auth.Account, opts ...GenerateOption) (*Token, error) {
	// decode the private key
	priv, err := base64.StdEncoding.DecodeString(j.opts.PrivateKey)
	if err != nil {
		return nil, err
	}

	// parse the private key
	key, err := jwt.ParseRSAPrivateKeyFromPEM(priv)
	if err != nil {
		return nil, ErrEncodingToken
	}

	// parse the options
	options := NewGenerateOptions(opts...)

	// generate the JWT
	expiry := time.Now().Add(options.Expiry)
	t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{
		acc.Type, acc.Scopes, acc.Metadata, jwt.StandardClaims{
			Subject:   acc.ID,
			Issuer:    acc.Issuer,
			ExpiresAt: expiry.Unix(),
		},
	})
	tok, err := t.SignedString(key)
	if err != nil {
		return nil, err
	}

	// return the token
	return &Token{
		Token:   tok,
		Expiry:  expiry,
		Created: time.Now(),
	}, nil
}

// Inspect a JWT
func (j *JWT) Inspect(t string) (*auth.Account, error) {
	// decode the public key
	pub, err := base64.StdEncoding.DecodeString(j.opts.PublicKey)
	if err != nil {
		return nil, err
	}

	// parse the public key
	res, err := jwt.ParseWithClaims(t, &authClaims{}, func(token *jwt.Token) (interface{}, error) {
		return jwt.ParseRSAPublicKeyFromPEM(pub)
	})
	if err != nil {
		return nil, ErrInvalidToken
	}

	// validate the token
	if !res.Valid {
		return nil, ErrInvalidToken
	}
	claims, ok := res.Claims.(*authClaims)
	if !ok {
		return nil, ErrInvalidToken
	}

	// return the token
	return &auth.Account{
		ID:       claims.Subject,
		Issuer:   claims.Issuer,
		Type:     claims.Type,
		Scopes:   claims.Scopes,
		Metadata: claims.Metadata,
	}, nil
}

// String returns JWT
func (j *JWT) String() string {
	return "jwt"
}
refactor all the things 2020-12-29 17:49:26 +02:00			`package token`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00
			`import (`
			`"encoding/base64"`
			`"time"`

			`"github.com/dgrijalva/jwt-go"`
go-micro.dev/v4 (#2305) 2021-10-12 13:55:53 +02:00			`"go-micro.dev/v4/auth"`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`)`

			`// authClaims to be encoded in the JWT`
			`type authClaims struct {`
Replace auth account.Namespace with account.Scopes 2020-05-19 19:17:17 +02:00			Type string `json:"type"`
			Scopes []string `json:"scopes"`
			Metadata map[string]string `json:"metadata"`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00
			`jwt.StandardClaims`
			`}`

			`// JWT implementation of token provider`
			`type JWT struct {`
refactor all the things 2020-12-29 17:49:26 +02:00			`opts Options`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`}`

refactor all the things 2020-12-29 17:49:26 +02:00			`// New returns an initialized basic provider`
			`func New(opts ...Option) Provider {`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`return &JWT{`
refactor all the things 2020-12-29 17:49:26 +02:00			`opts: NewOptions(opts...),`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`}`
			`}`

			`// Generate a new JWT`
refactor all the things 2020-12-29 17:49:26 +02:00			`func (j JWT) Generate(acc auth.Account, opts ...GenerateOption) (*Token, error) {`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`// decode the private key`
			`priv, err := base64.StdEncoding.DecodeString(j.opts.PrivateKey)`
			`if err != nil {`
			`return nil, err`
			`}`

			`// parse the private key`
			`key, err := jwt.ParseRSAPrivateKeyFromPEM(priv)`
			`if err != nil {`
refactor all the things 2020-12-29 17:49:26 +02:00			`return nil, ErrEncodingToken`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`}`

			`// parse the options`
refactor all the things 2020-12-29 17:49:26 +02:00			`options := NewGenerateOptions(opts...)`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00
			`// generate the JWT`
			`expiry := time.Now().Add(options.Expiry)`
			`t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{`
Add account issuers 2020-05-21 17:41:55 +02:00			`acc.Type, acc.Scopes, acc.Metadata, jwt.StandardClaims{`
Further Refactoring 2020-04-01 15:25:00 +02:00			`Subject: acc.ID,`
Add account issuers 2020-05-21 17:41:55 +02:00			`Issuer: acc.Issuer,`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`ExpiresAt: expiry.Unix(),`
			`},`
			`})`
			`tok, err := t.SignedString(key)`
			`if err != nil {`
			`return nil, err`
			`}`

			`// return the token`
refactor all the things 2020-12-29 17:49:26 +02:00			`return &Token{`
Further Refactoring 2020-04-01 15:25:00 +02:00			`Token: tok,`
			`Expiry: expiry,`
			`Created: time.Now(),`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`}, nil`
			`}`

			`// Inspect a JWT`
Further Refactoring 2020-04-01 15:25:00 +02:00			`func (j JWT) Inspect(t string) (auth.Account, error) {`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`// decode the public key`
			`pub, err := base64.StdEncoding.DecodeString(j.opts.PublicKey)`
			`if err != nil {`
			`return nil, err`
			`}`

			`// parse the public key`
			`res, err := jwt.ParseWithClaims(t, &authClaims{}, func(token *jwt.Token) (interface{}, error) {`
			`return jwt.ParseRSAPublicKeyFromPEM(pub)`
			`})`
			`if err != nil {`
refactor all the things 2020-12-29 17:49:26 +02:00			`return nil, ErrInvalidToken`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`}`

			`// validate the token`
			`if !res.Valid {`
refactor all the things 2020-12-29 17:49:26 +02:00			`return nil, ErrInvalidToken`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`}`
			`claims, ok := res.Claims.(*authClaims)`
			`if !ok {`
refactor all the things 2020-12-29 17:49:26 +02:00			`return nil, ErrInvalidToken`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`}`

			`// return the token`
Further Refactoring 2020-04-01 15:25:00 +02:00			`return &auth.Account{`
Replace auth account.Namespace with account.Scopes 2020-05-19 19:17:17 +02:00			`ID: claims.Subject,`
Add account issuers 2020-05-21 17:41:55 +02:00			`Issuer: claims.Issuer,`
Replace auth account.Namespace with account.Scopes 2020-05-19 19:17:17 +02:00			`Type: claims.Type,`
			`Scopes: claims.Scopes,`
			`Metadata: claims.Metadata,`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 18:19:30 +02:00			`}, nil`
			`}`

			`// String returns JWT`
			`func (j *JWT) String() string {`
			`return "jwt"`
			`}`