authorize: add jti to JWT payload (#1328)

2025-08-06 10:21:05 +02:00 · 2020-08-24 15:35:16 -06:00 · 2020-08-24 15:35:16 -06:00 · 51bdf9baae
commit 51bdf9baae
parent fbd8c8f294
2 changed files with 7 additions and 0 deletions
--- a/authorize/evaluator/evaluator.go
+++ b/authorize/evaluator/evaluator.go
@ -206,6 +206,7 @@ func (e *Evaluator) JWTPayload(req *Request) map[string]interface{} {
 		payload["aud"] = u.Hostname()
 	}
 	if s, ok := req.DataBrokerData.Get("type.googleapis.com/session.Session", req.Session.ID).(*session.Session); ok {
 		payload["jti"] = s.GetId()
 		if tm, err := ptypes.Timestamp(s.GetIdToken().GetExpiresAt()); err == nil {
 			payload["exp"] = tm.Unix()
 		}
--- a/authorize/evaluator/evaluator_test.go
+++ b/authorize/evaluator/evaluator_test.go
@ -153,6 +153,7 @@ func TestEvaluator_JWTPayload(t *testing.T) {
 				DataBrokerData: DataBrokerData{
 					"type.googleapis.com/session.Session": map[string]interface{}{
 						"SESSION_ID": &session.Session{
 							Id: "SESSION_ID",
 							IdToken: &session.IDToken{
 								ExpiresAt: nowPb,
 								IssuedAt:  nowPb,
@ -167,6 +168,7 @@ func TestEvaluator_JWTPayload(t *testing.T) {
 			},
 			map[string]interface{}{
 				"iss": "authn.example.com",
 				"jti": "SESSION_ID",
 				"aud": "example.com",
 				"exp": now.Unix(),
 				"iat": now.Unix(),
@ -178,6 +180,7 @@ func TestEvaluator_JWTPayload(t *testing.T) {
 				DataBrokerData: DataBrokerData{
 					"type.googleapis.com/session.Session": map[string]interface{}{
 						"SESSION_ID": &session.Session{
 							Id:     "SESSION_ID",
 							UserId: "USER_ID",
 						},
 					},
@ -196,6 +199,7 @@ func TestEvaluator_JWTPayload(t *testing.T) {
 			},
 			map[string]interface{}{
 				"iss":   "authn.example.com",
 				"jti":   "SESSION_ID",
 				"aud":   "example.com",
 				"sub":   "USER_ID",
 				"user":  "USER_ID",
@ -208,6 +212,7 @@ func TestEvaluator_JWTPayload(t *testing.T) {
 				DataBrokerData: DataBrokerData{
 					"type.googleapis.com/session.Session": map[string]interface{}{
 						"SESSION_ID": &session.Session{
 							Id:     "SESSION_ID",
 							UserId: "USER_ID",
 						},
 					},
@ -237,6 +242,7 @@ func TestEvaluator_JWTPayload(t *testing.T) {
 			},
 			map[string]interface{}{
 				"iss":    "authn.example.com",
 				"jti":    "SESSION_ID",
 				"aud":    "example.com",
 				"groups": []string{"group1", "group2", "admin", "test"},
 			},