diff --git a/enigma/jwt_test.go b/enigma/jwt_test.go
index 064818042..fbe52b70d 100644
--- a/enigma/jwt_test.go
+++ b/enigma/jwt_test.go
@@ -55,7 +55,7 @@ func TestRejectsAlgAndTypHeader(t *testing.T) {
 {"typ": "foo"},
 {"typ": "foo", "alg": "foo"},
 } {
- claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0",
+ claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
 time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
 j := JWTEnigma{
@@ -68,7 +68,7 @@ func TestRejectsAlgAndTypHeader(t *testing.T) {
 }
 func TestGenerateJWT(t *testing.T) {
- claims, err := jwthelper.NewClaimsContext("fosite", "peter", "group0",
+ claims, err := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
 time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
 j := JWTEnigma{
@@ -109,7 +109,7 @@ func TestGenerateJWT(t *testing.T) {
 j.PrivateKey = []byte(TestCertificates[0][1])
 // Lets validate the exp claim
- claims, err = jwthelper.NewClaimsContext("fosite", "peter", "group0",
+ claims, err = jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
 time.Now().Add(-time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
 token, sig, err = j.Generate(claims, make(map[string]interface{}))
@@ -121,7 +121,7 @@ func TestGenerateJWT(t *testing.T) {
 require.NotNil(t, err, "%s", err)
 // Lets validate the nbf claim
- claims, err = jwthelper.NewClaimsContext("fosite", "peter", "group0",
+ claims, err = jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
 time.Now().Add(time.Hour), time.Now().Add(time.Hour), time.Now(), make(map[string]interface{}))
 token, sig, err = j.Generate(claims, make(map[string]interface{}))
diff --git a/enigma/jwthelper/claims.go b/enigma/jwthelper/claims.go
index 2d9f7c978..5ef4e8f5a 100644
--- a/enigma/jwthelper/claims.go
+++ b/enigma/jwthelper/claims.go
@@ -29,7 +29,7 @@ var reservedClaimNames = map[string]string{
 }
 // NewClaimsContext : Dezignated initializer of the ClaimsContext handler
- func NewClaimsContext(issuer string, subject string, audience string,
+ func NewClaimsContext(issuer string, subject string, audience string, tokenId string,
 expiresAt time.Time, notBefore time.Time, issuedAt time.Time, userClaims map[string]interface{}) (*ClaimsContext, error) {
@@ -50,7 +50,11 @@ func NewClaimsContext(issuer string, subject string, audience string,
 allClaims["nbf"] = notBefore.Unix()
 allClaims["aud"] = audience
 allClaims["exp"] = expiresAt.Unix()
- allClaims["jti"] = uuid.New()
+ if tokenId != "" {
+ allClaims["jti"] = tokenId
+ } else {
+ allClaims["jti"] = uuid.New()
+ }
 return &allClaims, nil
 }
diff --git a/enigma/jwthelper/claims_test.go b/enigma/jwthelper/claims_test.go
index 762d50416..176366325 100644
--- a/enigma/jwthelper/claims_test.go
+++ b/enigma/jwthelper/claims_test.go
@@ -9,7 +9,7 @@ import (
 func TestValidClaimsContext(t *testing.T) {
 userClaims := ClaimsContext{"user-id": "123456", "custom-time": 1453066866, "custom-time-f": 1631.083, "custom-date": time.Date(2016, time.January, 17, 19, 00, 00, 00, &time.Location{})}
- ctx, err := NewClaimsContext("fosite/auth", "Peter", "peter@ory-am.com", time.Now().Add(time.Hour), time.Now(), time.Now(), userClaims)
+ ctx, err := NewClaimsContext("fosite/auth", "Peter", "peter@ory-am.com", "", time.Now().Add(time.Hour), time.Now(), time.Now(), userClaims)
 assert.Nil(t, err)
 assert.Equal(t, "fosite/auth", ctx.GetIssuer())
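Review bot: The doc comment on the line above the new signature is unchanged and says nothing about tokenId, so nothing in the API tells a caller that "" means "generate a jti for me" while any other value is used verbatim; replace it with `// NewClaimsContext builds a ClaimsContext from the reserved claims derived from its arguments plus userClaims. tokenId becomes the jti claim; pass "" to have a fresh UUID generated instead.` Go naming would also call the parameter `tokenID`, and the existing "Dezignated" typo can be fixed in the same pass. NewClaimsContext's body continues past the end of this hunk.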
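Review bot: A caller-supplied tokenId is written straight into `jti` with no check beyond non-emptiness, so the per-token uniqueness that jti exists to provide (RFC 7519 §4.1.7, and anything downstream that keys replay detection or revocation on it) now rests entirely on every caller, and a whitespace-only value such as " " passes the guard and yields a useless jti. At minimum state the contract beside the branch, e.g. `// jti: a caller-supplied tokenId is trusted as-is and must be unique per token; "" means generate one.`, and consider tightening the guard to `if strings.TrimSpace(tokenId) != "" {` (the strings import is not visible in this hunk and may need adding). For the fallback, make sure the uuid package in use draws from a cryptographic source — that cannot be confirmed from this diff.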
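Review bot: The updated test only exercises the "" path, so the new branch that stores a caller-supplied tokenId as jti is left uncovered; since ClaimsContext is used as a map here, one more call in TestValidClaimsContext pins it: `ctx, err = NewClaimsContext("fosite/auth", "Peter", "peter@ory-am.com", "token-123", time.Now().Add(time.Hour), time.Now(), time.Now(), userClaims)`, `assert.Nil(t, err)`, `assert.Equal(t, "token-123", (*ctx)["jti"])` (or a jti accessor if one exists alongside GetIssuer). The function body continues beyond this hunk, so append it after the existing assertions.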
@@ -41,11 +41,11 @@ func TestValidClaimsContext(t *testing.T) {
 func TestInvalidClaimsContext(t *testing.T) {
 userClaims := ClaimsContext{"sub": "the \"sub\" field cannot be passed to claims context since it's a reserved claim"}
- claimsCtx, err := NewClaimsContext("fosite/auth", "Peter", "peter@ory-am.com", time.Now().Add(time.Hour), time.Now(), time.Now(), userClaims)
+ claimsCtx, err := NewClaimsContext("fosite/auth", "Peter", "peter@ory-am.com", "", time.Now().Add(time.Hour), time.Now(), time.Now(), userClaims)
 assert.NotNil(t, err)
 userClaims = ClaimsContext{"alt": ""}
- claimsCtx, err = NewClaimsContext("fosite/auth", "Peter", "peter@ory-am.com", time.Now().Add(-time.Hour), time.Now().Add(time.Hour), time.Now(), userClaims)
+ claimsCtx, err = NewClaimsContext("fosite/auth", "Peter", "peter@ory-am.com", "", time.Now().Add(-time.Hour), time.Now().Add(time.Hour), time.Now(), userClaims)
 assert.Nil(t, err)
 assert.True(t, claimsCtx.AssertExpired())
diff --git a/fosite-example/main.go b/fosite-example/main.go
index f4994edf9..e867f404c 100644
--- a/fosite-example/main.go
+++ b/fosite-example/main.go
@@ -166,7 +166,7 @@ func tokenEndpoint(rw http.ResponseWriter, req *http.Request) {
 if typeof(*selectedStrategy) == "strategy.JWTStrategy" {
 // JWT
- claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0",
+ claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
 time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
 mySessionData := strategy.JWTSession{
@@ -239,7 +239,7 @@ func authEndpoint(rw http.ResponseWriter, req *http.Request) {
 if typeof(*selectedStrategy) == "strategy.JWTStrategy" {
 // JWT
- claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0",
+ claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
 time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
 mySessionData := strategy.JWTSession{
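Review bot: The rewritten call in tokenEndpoint still discards NewClaimsContext's error (`claims, _ :=`), so if the constructor ever fails the example carries a nil *ClaimsContext into strategy.JWTSession; as far as this diff shows the reserved-claim error cannot fire with an empty userClaims map, but example code gets copied verbatim, so handle it: `claims, err := jwthelper.NewClaimsContext(...)` followed by `if err != nil { http.Error(rw, err.Error(), http.StatusInternalServerError); return }`. The same applies to the authEndpoint hunk below it. tokenEndpoint's body extends beyond this hunk.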
diff --git a/handler/core/strategy/strategy_test.go b/handler/core/strategy/strategy_test.go
index fb1e8c8b8..6b7c2633c 100644
--- a/handler/core/strategy/strategy_test.go
+++ b/handler/core/strategy/strategy_test.go
@@ -23,7 +23,7 @@ var j = &JWTStrategy{
 },
 }
- var claims, claimsErr = jwthelper.NewClaimsContext("fosite", "peter", "group0",
+ var claims, claimsErr = jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
 time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
 var r = &fosite.Request{