Basic logout flow and better UX

internal/token/generate.go

@@ -11,10 +11,11 @@ const (
 )
 
 type privateClaims struct {
-	Challenge string `json:"challenge"`
+	Challenge  string `json:"challenge"`
+	RememberMe bool   `json:"remember"`
 }
 
-func Generate(signingKey, encryptionKey, email, challenge string) (string, error) {
+func Generate(signingKey, encryptionKey, email, challenge string, rememberMe bool) (string, error) {
 	sig, err := jose.NewSigner(
 		jose.SigningKey{
 			Algorithm: jose.HS256,
@@ -44,7 +45,8 @@ func Generate(signingKey, encryptionKey, email, challenge string) (string, error
 	}
 
 	privateClaims := privateClaims{
-		Challenge: challenge,
+		Challenge:  challenge,
+		RememberMe: rememberMe,
 	}
 
 	raw, err := jwt.SignedAndEncrypted(sig, enc).Claims(claims).Claims(privateClaims).CompactSerialize()

internal/token/verify.go

@@ -5,23 +5,23 @@ import (
 	"gopkg.in/square/go-jose.v2/jwt"
 )
 
-func Verify(signingKey, encryptionKey, raw string) (string, string, error) {
+func Verify(signingKey, encryptionKey, raw string) (string, string, bool, error) {
 	token, err := jwt.ParseSignedAndEncrypted(raw)
 	if err != nil {
-		return "", "", errors.Wrap(err, "could not parse token")
+		return "", "", false, errors.Wrap(err, "could not parse token")
 	}
 
 	nested, err := token.Decrypt([]byte(encryptionKey))
 	if err != nil {
-		return "", "", errors.Wrap(err, "could not decrypt token")
+		return "", "", false, errors.Wrap(err, "could not decrypt token")
 	}
 
 	baseClaims := jwt.Claims{}
 	privateClaims := privateClaims{}
 
 	if err := nested.Claims([]byte(signingKey), &baseClaims, &privateClaims); err != nil {
-		return "", "", errors.Wrap(err, "could not validate claims")
+		return "", "", false, errors.Wrap(err, "could not validate claims")
 	}
 
-	return baseClaims.Subject, privateClaims.Challenge, nil
+	return baseClaims.Subject, privateClaims.Challenge, privateClaims.RememberMe, nil
 }