hydra-passwordless/internal/token/verify.go

package token

import (
	"github.com/pkg/errors"
	"gopkg.in/square/go-jose.v2/jwt"
)

func Verify(signingKey, encryptionKey, raw string) (string, string, error) {
	token, err := jwt.ParseSignedAndEncrypted(raw)
	if err != nil {
		return "", "", errors.Wrap(err, "could not parse token")
	}

	nested, err := token.Decrypt([]byte(encryptionKey))
	if err != nil {
		return "", "", errors.Wrap(err, "could not decrypt token")
	}

	baseClaims := jwt.Claims{}
	privateClaims := privateClaims{}

	if err := nested.Claims([]byte(signingKey), &baseClaims, &privateClaims); err != nil {
		return "", "", errors.Wrap(err, "could not validate claims")
	}

	return baseClaims.Subject, privateClaims.Challenge, nil
}
Basic but complete authentication flow 2020-05-20 11:13:14 +02:00			`package token`

			`import (`
			`"github.com/pkg/errors"`
			`"gopkg.in/square/go-jose.v2/jwt"`
			`)`

			`func Verify(signingKey, encryptionKey, raw string) (string, string, error) {`
			`token, err := jwt.ParseSignedAndEncrypted(raw)`
			`if err != nil {`
			`return "", "", errors.Wrap(err, "could not parse token")`
			`}`

			`nested, err := token.Decrypt([]byte(encryptionKey))`
			`if err != nil {`
			`return "", "", errors.Wrap(err, "could not decrypt token")`
			`}`

			`baseClaims := jwt.Claims{}`
			`privateClaims := privateClaims{}`

			`if err := nested.Claims([]byte(signingKey), &baseClaims, &privateClaims); err != nil {`
			`return "", "", errors.Wrap(err, "could not validate claims")`
			`}`

			`return baseClaims.Subject, privateClaims.Challenge, nil`
			`}`