hydra-passwordless/internal/token/verify.go

package token
import (
	"time"

	"github.com/pkg/errors"
	"gopkg.in/square/go-jose.v2/jwt"
)
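// Verify decrypts and authenticates a nested (signed-then-encrypted) JWT and
// returns its subject and challenge.
//
// raw is the compact serialization of the token. encryptionKey is used to
// decrypt the outer JWE and signingKey to verify the inner JWS; both are
// passed to go-jose as raw byte slices.
//
// On success it returns the "sub" claim and the private Challenge claim.
// On failure it returns two empty strings and a wrapped error saying which
// stage failed: parsing, decryption, signature/claims decoding, or the
// time-based claim check.
func Verify(signingKey, encryptionKey, raw string) (string, string, error) {
	token, err := jwt.ParseSignedAndEncrypted(raw)
	if err != nil {
		return "", "", errors.Wrap(err, "could not parse token")
	}

	nested, err := token.Decrypt([]byte(encryptionKey))
	if err != nil {
		return "", "", errors.Wrap(err, "could not decrypt token")
	}

	var (
		registered jwt.Claims
		private    privateClaims
	)
	// Claims verifies the signature and unmarshals the payload. It does not
	// evaluate the registered claims, so exp/nbf are checked separately below.
	if err := nested.Claims([]byte(signingKey), &registered, &private); err != nil {
		return "", "", errors.Wrap(err, "could not validate claims")
	}

	// Reject tokens that are expired or not yet valid. Without this check a
	// correctly signed token would be accepted indefinitely, regardless of
	// its "exp" claim. Validate applies go-jose's default leeway for clock skew.
	// NOTE(review): a token that carries no "exp" claim still passes; confirm
	// that the issuing side always sets an expiry.
	if err := registered.Validate(jwt.Expected{Time: time.Now()}); err != nil {
		return "", "", errors.Wrap(err, "token is outside its validity period")
	}

	return registered.Subject, private.Challenge, nil
}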