extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-08-14 01:08:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Check multiple audience values (#781)

Browse Source 
Some IDP use different audience for different clients. 
This update checks HTTP and Device authorization flow audience values.



---------

Co-authored-by: Givi Khojanashvili <gigovich@gmail.com>
This commit is contained in:
Maycon Santos
2023-04-04 16:40:56 +02:00
committed by GitHub
parent f14f34cf2b
commit fe1ea4a2d0
4 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
management/server/jwtclaims/jwtValidator.go
View File

@ -64,7 +64,7 @@ type JWTValidator struct {
}
// NewJWTValidator constructor
func NewJWTValidator(issuer string, audience string, keysLocation string) (*JWTValidator, error) {
func NewJWTValidator(issuer string, audienceList []string, keysLocation string) (*JWTValidator, error) {
keys, err := getPemKeys(keysLocation)
if err != nil {
return nil, err
@ -73,7 +73,13 @@ func NewJWTValidator(issuer string, audience string, keysLocation string) (*JWTV
options := Options{
ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
// Verify 'aud' claim
checkAud := token.Claims.(jwt.MapClaims).VerifyAudience(audience, false)
var checkAud bool
for _, audience := range audienceList {
checkAud = token.Claims.(jwt.MapClaims).VerifyAudience(audience, false)
if checkAud {
break
}
}
if !checkAud {
return token, errors.New("invalid audience")
}