
     1  package open
     2  
import (
	"errors"
	"fmt"

	jwtmiddleware "github.com/auth0/go-jwt-middleware"
	"github.com/dgrijalva/jwt-go"
)
     8  
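// BearerMiddleware returns a JWT middleware that accepts RS256 bearer tokens
// whose "aud" claim matches aud and whose "iss" claim matches iss. The RSA
// public key used for signature verification is resolved per request through
// getPemCert (defined elsewhere in this package) and parsed from PEM.
//
// Every failure in the key getter is returned as an error so that the
// middleware rejects the request; nothing in this path panics.
func BearerMiddleware(aud, iss string) *jwtmiddleware.JWTMiddleware {
	return jwtmiddleware.New(jwtmiddleware.Options{
		ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
			// Guard the assertion: an unexpected claims type must produce a
			// rejected request, not a panic inside the handler chain.
			claims, ok := token.Claims.(jwt.MapClaims)
			if !ok {
				return nil, errors.New("unexpected claims type")
			}

			// VerifyAudience/VerifyIssuer with required=false report success when
			// the claim is absent, which would let a token that simply omits
			// "aud" or "iss" skip the check. Require both claims to be present.
			if !claims.VerifyAudience(aud, true) {
				return nil, errors.New("invalid audience")
			}
			if !claims.VerifyIssuer(iss, true) {
				return nil, errors.New("invalid issuer")
			}

			// A certificate lookup failure is a per-request error (bad or
			// unreachable issuer), not a programming bug, so report it instead
			// of panicking.
			cert, err := getPemCert(iss, token)
			if err != nil {
				return nil, fmt.Errorf("fetching signing certificate: %w", err)
			}

			// Surface PEM parse failures rather than handing the middleware a nil
			// key with a nil error.
			key, err := jwt.ParseRSAPublicKeyFromPEM([]byte(cert))
			if err != nil {
				return nil, fmt.Errorf("parsing signing certificate: %w", err)
			}
			return key, nil
		},
		SigningMethod: jwt.SigningMethodRS256,
	})
}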