Signed-off-by: Gabriel Robertson <overminddl1@gmail.com>
parent
364c029246
commit
07af31d004
2 changed files with 32 additions and 4 deletions
6
Gopkg.lock
generated
6
Gopkg.lock
generated
|
@ -547,7 +547,7 @@
|
||||||
revision = "e3534c89ef969912856dfa39e56b09e58c5f5daf"
|
revision = "e3534c89ef969912856dfa39e56b09e58c5f5daf"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:fb22af9d8c1a6166ad299705648db460ba2c28a830f7f6cdd830019d7c3fd96f"
|
digest = "1:23f75ae90fcc38dac6fad6881006ea7d0f2c78db5f9f81f3df558dc91460e61f"
|
||||||
name = "github.com/markbates/goth"
|
name = "github.com/markbates/goth"
|
||||||
packages = [
|
packages = [
|
||||||
".",
|
".",
|
||||||
|
@ -562,8 +562,8 @@
|
||||||
"providers/twitter",
|
"providers/twitter",
|
||||||
]
|
]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "4933f155d89c3c52ab4ca545c6602cf4a1e87913"
|
revision = "f9c6649ab984d6ea71ef1e13b7b1cdffcf4592d3"
|
||||||
version = "1.45.5"
|
version = "v1.46.1"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:3ef954101983406a71171c4dc816a73e01bb3de608b3dd063627aa67a459f3e3"
|
digest = "1:3ef954101983406a71171c4dc816a73e01bb3de608b3dd063627aa67a459f3e3"
|
||||||
|
|
28
vendor/github.com/markbates/goth/providers/openidConnect/openidConnect.go
generated
vendored
28
vendor/github.com/markbates/goth/providers/openidConnect/openidConnect.go
generated
vendored
|
@ -200,8 +200,18 @@ func (p *Provider) RefreshToken(refreshToken string) (*oauth2.Token, error) {
|
||||||
func (p *Provider) validateClaims(claims map[string]interface{}) (time.Time, error) {
|
func (p *Provider) validateClaims(claims map[string]interface{}) (time.Time, error) {
|
||||||
audience := getClaimValue(claims, []string{audienceClaim})
|
audience := getClaimValue(claims, []string{audienceClaim})
|
||||||
if audience != p.ClientKey {
|
if audience != p.ClientKey {
|
||||||
|
found := false
|
||||||
|
audiences := getClaimValues(claims, []string{audienceClaim})
|
||||||
|
for _, aud := range audiences {
|
||||||
|
if aud == p.ClientKey {
|
||||||
|
found = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if !found {
|
||||||
return time.Time{}, errors.New("audience in token does not match client key")
|
return time.Time{}, errors.New("audience in token does not match client key")
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
issuer := getClaimValue(claims, []string{issuerClaim})
|
issuer := getClaimValue(claims, []string{issuerClaim})
|
||||||
if issuer != p.openIDConfig.Issuer {
|
if issuer != p.openIDConfig.Issuer {
|
||||||
|
@ -355,6 +365,24 @@ func getClaimValue(data map[string]interface{}, claims []string) string {
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getClaimValues(data map[string]interface{}, claims []string) []string {
|
||||||
|
var result []string
|
||||||
|
|
||||||
|
for _, claim := range claims {
|
||||||
|
if value, ok := data[claim]; ok {
|
||||||
|
if stringValues, ok := value.([]interface{}); ok {
|
||||||
|
for _, stringValue := range stringValues {
|
||||||
|
if s, ok := stringValue.(string); ok && len(s) > 0 {
|
||||||
|
result = append(result, s)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return result
|
||||||
|
}
|
||||||
|
|
||||||
// decodeJWT decodes a JSON Web Token into a simple map
|
// decodeJWT decodes a JSON Web Token into a simple map
|
||||||
// http://openid.net/specs/draft-jones-json-web-token-07.html
|
// http://openid.net/specs/draft-jones-json-web-token-07.html
|
||||||
func decodeJWT(jwt string) (map[string]interface{}, error) {
|
func decodeJWT(jwt string) (map[string]interface{}, error) {
|
||||||
|
|