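package token

import (
	"time"

	"github.com/pkg/errors"
	"gopkg.in/square/go-jose.v2/jwt"
)

// Verify decrypts and authenticates a nested (signed-then-encrypted) JWT and
// returns its subject and its challenge claim.
//
// raw is the compact serialization of the token. encryptionKey is used to
// decrypt the outer JWE and signingKey to verify the inner JWS; both are handed
// to go-jose as raw key bytes.
//
// In addition to the signature check, Verify rejects tokens whose registered
// time claims are not valid at the current time (subject to go-jose's default
// leeway). Tokens that carry no such claims are still accepted. Issuer and
// audience are not checked here; callers that rely on them must compare them
// separately.
func Verify(signingKey, encryptionKey, raw string) (string, string, error) {
	// Fail closed when key material is missing (for example an unset
	// configuration value) instead of attempting verification with an empty key.
	if signingKey == "" || encryptionKey == "" {
		return "", "", errors.New("signing and encryption keys must not be empty")
	}

	parsed, err := jwt.ParseSignedAndEncrypted(raw)
	if err != nil {
		return "", "", errors.Wrap(err, "could not parse token")
	}

	nested, err := parsed.Decrypt([]byte(encryptionKey))
	if err != nil {
		return "", "", errors.Wrap(err, "could not decrypt token")
	}

	var (
		base    jwt.Claims
		private privateClaims
	)
	// Claims verifies the signature and unmarshals the payload. It does not
	// evaluate exp/nbf, so a correctly signed but expired token passes this step.
	if err := nested.Claims([]byte(signingKey), &base, &private); err != nil {
		return "", "", errors.Wrap(err, "could not validate claims")
	}

	// go-jose v2 skips the time checks when Expected.Time is zero, so the
	// current time has to be supplied explicitly.
	if err := base.Validate(jwt.Expected{Time: time.Now()}); err != nil {
		return "", "", errors.Wrap(err, "could not validate token lifetime")
	}

	return base.Subject, private.Challenge, nil
}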