hydra-passwordless/internal/token/generate.go


package token
import (
	"time"

	"github.com/pkg/errors"
	"gopkg.in/square/go-jose.v2"
	"gopkg.in/square/go-jose.v2/jwt"
)
// jwtIssuer is the value Generate places in both the "iss" and "aud" claims:
// the service issues tokens addressed to itself.
const jwtIssuer = "hydra-passwordless"
// privateClaims holds the application-specific claims that Generate embeds
// in the token next to the registered claims (subject, issuer, audience).
type privateClaims struct {
	// Challenge is the login challenge this token was issued for; serialized
	// as "challenge". Presumably the Hydra login challenge handed to the
	// caller — confirm against the verifier.
	Challenge string `json:"challenge"`
	// RememberMe records whether the user asked to stay signed in;
	// serialized as "remember".
	RememberMe bool `json:"remember"`
}
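// Generate mints the passwordless login token: a JWS signed with HS256 over
// signingKey, nested inside a JWE encrypted with A256GCM using encryptionKey
// directly as the content-encryption key ("dir"), returned in compact
// serialization.
//
// email becomes the "sub" claim; "iss" and "aud" are both jwtIssuer, i.e. the
// service only addresses tokens to itself. challenge and rememberMe travel as
// the private "challenge" and "remember" claims (see privateClaims). The token
// also carries "iat" and "exp" so a verifier that checks time can reject stale
// links.
//
// Returns an error (with an empty token) when signingKey is too short for
// HS256, when go-jose rejects either key, or when signing/encryption fails.
func Generate(signingKey, encryptionKey, email, challenge string, rememberMe bool) (string, error) {
	const (
		// RFC 7518 §3.2: an HS256 key MUST be at least as long as the hash
		// output (256 bits). go-jose v2 does not appear to enforce this for
		// HMAC keys (it does check the A256GCM key length in NewEncrypter),
		// so guard here instead of minting tokens with a weak MAC.
		hs256MinKeyBytes = 32
		// tokenLifetime is a default chosen here; tune it to the delivery
		// window of the login link. go-jose only enforces "exp" when the
		// verifier passes a Time in jwt.Expected, so existing validation
		// that does not is unaffected.
		tokenLifetime = 15 * time.Minute
	)

	if len(signingKey) < hs256MinKeyBytes {
		return "", errors.Errorf("signing key must be at least %d bytes for HS256", hs256MinKeyBytes)
	}

	sig, err := jose.NewSigner(
		jose.SigningKey{
			Algorithm: jose.HS256,
			Key:       []byte(signingKey),
		},
		(&jose.SignerOptions{}).WithType("JWT"),
	)
	if err != nil {
		return "", errors.Wrap(err, "could not create jwt signer")
	}

	// "typ" and "cty" both set to "JWT" mark the payload as a nested JWT
	// (RFC 7519 §5.2). NewEncrypter rejects an encryptionKey whose length
	// does not match A256GCM.
	enc, err := jose.NewEncrypter(
		jose.A256GCM,
		jose.Recipient{
			Algorithm: jose.DIRECT,
			Key:       []byte(encryptionKey),
		},
		(&jose.EncrypterOptions{}).WithType("JWT").WithContentType("JWT"),
	)
	if err != nil {
		return "", errors.Wrap(err, "could not create jwt encrypter")
	}

	now := time.Now()
	claims := jwt.Claims{
		Subject:  email,
		Issuer:   jwtIssuer,
		Audience: jwt.Audience{jwtIssuer},
		IssuedAt: jwt.NewNumericDate(now),
		Expiry:   jwt.NewNumericDate(now.Add(tokenLifetime)),
	}
	private := privateClaims{
		Challenge:  challenge,
		RememberMe: rememberMe,
	}

	// Both claim sets are merged into one payload, signed, then encrypted.
	raw, err := jwt.SignedAndEncrypted(sig, enc).Claims(claims).Claims(private).CompactSerialize()
	if err != nil {
		return "", errors.Wrap(err, "could not sign and encrypt jwt")
	}
	return raw, nil
}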