package jwtutil
import (
"time"
"github.com/lestrrat-go/jwx/v2/jwa"
"github.com/lestrrat-go/jwx/v2/jwk"
"github.com/lestrrat-go/jwx/v2/jws"
"github.com/lestrrat-go/jwx/v2/jwt"
"github.com/oklog/ulid/v2"
"github.com/pkg/errors"
)
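// SignedToken builds a JWT from claims and returns it signed with key using
// signingAlgorithm.
//
// Two claims are pre-populated before the caller's claims are applied:
// "nbf" (set to the current time) and "jti" (a freshly generated ULID).
// Because the caller's claims are applied afterwards, an entry with either of
// those names in claims replaces the default.
//
// No expiration is set here: unless the caller supplies one in claims, the
// resulting token carries no "exp" claim. Callers that issue bearer
// credentials should always pass an expiry.
//
// The function fails closed when signingAlgorithm is jwa.NoSignature, so that
// a misconfigured algorithm can never yield an unsecured token from a function
// whose contract is to return a signed one.
//
// Errors returned while setting a caller-supplied claim name the claim but
// deliberately omit its value, since claim values may hold personal data or
// secrets and error strings usually end up in logs.
func SignedToken(key jwk.Key, signingAlgorithm jwa.SignatureAlgorithm, claims map[string]any) ([]byte, error) {
	// Reject the "none" algorithm up front instead of relying on the
	// signing library to refuse it.
	if signingAlgorithm == jwa.NoSignature {
		return nil, errors.New("refusing to sign token with algorithm 'none'")
	}

	token := jwt.New()

	// Defaults; both may be overridden by the caller's claims below.
	if err := token.Set(jwt.NotBeforeKey, time.Now()); err != nil {
		return nil, errors.WithStack(err)
	}

	if err := token.Set(jwt.JwtIDKey, ulid.Make().String()); err != nil {
		return nil, errors.WithStack(err)
	}

	// The loop variables are named so that they do not shadow the key
	// parameter, which is still needed for signing further down.
	for claimName, claimValue := range claims {
		if err := token.Set(claimName, claimValue); err != nil {
			return nil, errors.Wrapf(err, "could not set claim '%s'", claimName)
		}
	}

	// This stores the algorithm on the jwt.Token itself, i.e. as a claim set
	// after (and therefore overriding) any caller-supplied claim of the same
	// name. The algorithm used for the signature is selected by jwt.WithKey
	// below.
	// NOTE(review): verifiers should not take the algorithm from this
	// payload value — confirm whether any consumer reads it.
	if err := token.Set(jwk.AlgorithmKey, signingAlgorithm); err != nil {
		return nil, errors.WithStack(err)
	}

	rawToken, err := jwt.Sign(token, jwt.WithKey(signingAlgorithm, key))
	if err != nil {
		return nil, errors.WithStack(err)
	}

	return rawToken, nil
}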
// Parse verifies rawToken against keySet and returns the decoded token.
//
// The key set is used with jws.WithRequireKid(false), so a token is not
// rejected merely for lacking a "kid" header.
// NOTE(review): presumably such a token is then tried against every key in
// keySet, so keySet should contain only keys trusted for this purpose —
// confirm against the jwx documentation.
//
// Claim validation is switched on via jwt.WithValidate(true), but no issuer,
// audience or other expected-value options are passed here. Callers that need
// those checks must perform them on the returned token.
func Parse(rawToken []byte, keySet jwk.Set) (jwt.Token, error) {
	parseOpts := []jwt.ParseOption{
		jwt.WithKeySet(keySet, jws.WithRequireKid(false)),
		jwt.WithValidate(true),
	}

	parsed, parseErr := jwt.Parse(rawToken, parseOpts...)
	if parseErr != nil {
		return nil, errors.WithStack(parseErr)
	}

	return parsed, nil
}