Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: Generate claims in the same way #522

Closed
wants to merge 1 commit into from
Closed

refactor: Generate claims in the same way #522

wants to merge 1 commit into from

Conversation

mitar
Copy link
Contributor

@mitar mitar commented Oct 28, 2020

Proposed changes

Just a bit of refactoring/code cleanup. Made sure that both OAuth JWT and OpenID JWT claims are generated in the same way. Also made order of field processing in the code the same so it is easier to compare.

Checklist

  • I have read the contributing guidelines and signed the CLA.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got green light (please contact
    [email protected]) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added necessary documentation within the code base (if appropriate).

mitar
mitar commented Oct 28, 2020
View reviewed changes
token/jwt/claims_id_token.go
@@ -87,9 +106,6 @@ func (c *IDTokenClaims) ToMap() map[string]interface{} {
ret["amr"] = c.AuthenticationMethodsReference
}

ret["iat"] = float64(c.IssuedAt.Unix())
Copy link
Contributor Author

@mitar mitar Oct 28, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So iat in ID tokens was always added but in access tokens only if set.

I made it so that all fields are not set if empty. I think this is cleaner. I do not think you ever want to issue a token with claim with timestamp set to 0.

mitar
mitar commented Oct 28, 2020
View reviewed changes
token/jwt/claims_jwt_test.go
@@ -75,7 +75,7 @@ func TestAssert(t *testing.T) {
ToMapClaims().Valid())
assert.NotNil(t, (&JWTClaims{NotBefore: time.Now().UTC().Add(time.Hour)}).
ToMapClaims().Valid())
assert.NotNil(t, (&JWTClaims{NotBefore: time.Now().UTC().Add(-time.Hour)}).
assert.Nil(t, (&JWTClaims{NotBefore: time.Now().UTC().Add(-time.Hour)}).
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This changes because ExpiredAt is not 0 anymore.

aeneasr
aeneasr reviewed Oct 28, 2020
View reviewed changes
token/jwt/claims_id_token.go
@@ -49,16 +49,39 @@ type IDTokenClaims struct {
// ToMap will transform the headers to a map structure
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have similar concerns about this as here.

@aeneasr
Copy link
Member

aeneasr commented Nov 25, 2020

How should we proceed with this PR?

@mitar
Copy link
Contributor Author

mitar commented Nov 25, 2020

I will get back to this one shortly.

@aeneasr aeneasr added the stale Feedback from one or more authors is required to proceed. label Jan 11, 2021
@github-actions github-actions bot closed this Feb 13, 2021
@mitar mitar mentioned this pull request May 14, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr aeneasr left review comments

Assignees
No one assigned
Labels
stale Feedback from one or more authors is required to proceed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mitar @aeneasr