webauthnutil: add helpers for webauthn (#2686)

* devices: add device protobuf types * webauthnutil: add helpers for webauthn
2025-08-04 01:09:36 +02:00 · 2021-10-19 13:39:01 -06:00 · 2021-10-19 13:39:01 -06:00 · 1c445c426d
commit 1c445c426d
parent 961bc8abb4
13 changed files with 872 additions and 2 deletions
--- a/pkg/webauthnutil/enrollment_token.go
+++ b/pkg/webauthnutil/enrollment_token.go
@ -0,0 +1,35 @@
+package webauthnutil
+
+import (
+	"time"
+
+	"github.com/google/uuid"
+
+	"github.com/pomerium/pomerium/pkg/cryptutil"
+)
+
+// NewEnrollmentToken creates a new EnrollmentToken.
+func NewEnrollmentToken(key []byte, ttl time.Duration, deviceEnrollmentID string) (string, error) {
+	id, err := uuid.Parse(deviceEnrollmentID)
+	if err != nil {
+		return "", err
+	}
+
+	secureToken := cryptutil.GenerateSecureToken(key, time.Now().Add(ttl), cryptutil.Token(id))
+	return secureToken.String(), nil
+}
+
+// ParseAndVerifyEnrollmentToken parses and verifies an enrollment token
+func ParseAndVerifyEnrollmentToken(key []byte, rawEnrollmentToken string) (string, error) {
+	secureToken, ok := cryptutil.SecureTokenFromString(rawEnrollmentToken)
+	if !ok {
+		return "", cryptutil.ErrInvalid
+	}
+
+	err := secureToken.Verify(key, time.Now())
+	if err != nil {
+		return "", err
+	}
+
+	return secureToken.Token().UUID().String(), nil
+}