3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-19 01:28:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

authorize: include "kid" in JWT header (#1049)

Browse source 
Fixes #1046
This commit is contained in:
Cuong Manh Le 2020-07-09 12:39:53 +07:00 committed by GitHub
parent 6f3817aee5
commit d40f294586
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 34 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

23
authorize/evaluator/evaluator_test.go
View file

@ -12,6 +12,7 @@ import (
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gopkg.in/square/go-jose.v2/jwt"
"github.com/pomerium/pomerium/config"
"github.com/pomerium/pomerium/pkg/grpc/databroker"
@ -88,6 +89,28 @@ func TestEvaluator_SignedJWT(t *testing.T) {
assert.NotEmpty(t, payload)
}
func TestEvaluator_JWTWithKID(t *testing.T) {
opt := config.NewDefaultOptions()
opt.AuthenticateURL = mustParseURL("https://authenticate.example.com")
opt.SigningKey = "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUpCMFZkbko1VjEvbVlpYUlIWHhnd2Q0Yzd5YWRTeXMxb3Y0bzA1b0F3ekdvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVUc1eENQMEpUVDFINklvbDhqS3VUSVBWTE0wNENnVzlQbEV5cE5SbVdsb29LRVhSOUhUMwpPYnp6aktZaWN6YjArMUt3VjJmTVRFMTh1dy82MXJVQ0JBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="
e, err := New(opt)
require.NoError(t, err)
req := &Request{
HTTP: RequestHTTP{
Method: http.MethodGet,
URL: "https://example.com",
},
}
signedJWT, err := e.SignedJWT(req)
require.NoError(t, err)
assert.NotEmpty(t, signedJWT)
tok, err := jwt.ParseSigned(signedJWT)
require.NoError(t, err)
require.Len(t, tok.Headers, 1)
assert.Equal(t, "5b419ade1895fec2d2def6cd33b1b9a018df60db231dc5ecb85cbed6d942813c", tok.Headers[0].KeyID)
}
func mustParseURL(str string) *url.URL {
u, err := url.Parse(str)
if err != nil {