...

Source file src/github.com/MicahParks/keyfunc/keyfunc.go

Documentation: github.com/MicahParks/keyfunc

     1  package keyfunc
     2  
     3  import (
     4  	"encoding/base64"
     5  	"errors"
     6  	"fmt"
     7  	"strings"
     8  
     9  	"github.com/golang-jwt/jwt/v4"
    10  )
    11  
// ErrKID indicates that the JWT had an invalid kid.
//
// Keyfunc wraps this sentinel with %w, so callers should test for it with
// errors.Is rather than comparing error strings.
var ErrKID = errors.New("the JWT has an invalid kid")
    16  
// Keyfunc matches the signature of github.com/golang-jwt/jwt/v4's jwt.Keyfunc function.
//
// It reads the "kid" entry from the token header and returns whatever j.getKey
// yields for that key ID. A missing kid, or a kid that is not a string, produces
// an error wrapping ErrKID.
//
// Security notes: the parser calls a jwt.Keyfunc to obtain the verification key,
// so the header read here has not been authenticated yet and the kid is
// attacker-controlled. This method only uses it as a lookup identifier. It does
// not inspect the token's signing algorithm.
// NOTE(review): unless getKey (not shown here) ties each key to an algorithm,
// callers should restrict the accepted algorithms on the parser, for example
// with jwt.WithValidMethods.
func (j *JWKS) Keyfunc(token *jwt.Token) (interface{}, error) {
	rawKID, present := token.Header["kid"]
	if !present {
		return nil, fmt.Errorf("%w: could not find kid in JWT header", ErrKID)
	}

	// Only a string kid is accepted; any other JSON type is rejected rather than coerced.
	if kid, isString := rawKID.(string); isString {
		return j.getKey(kid)
	}
	return nil, fmt.Errorf("%w: could not convert kid in JWT header to string", ErrKID)
}
    30  
// base64urlTrailingPadding strips trailing padding from s and then decodes it as unpadded base64url. Some
// non-RFC compliant JWKS contain padding at the end of the values for base64url encoded public keys.
//
// Trailing padding is required to be removed from base64url encoded keys.
// RFC 7517 defines base64url the same as RFC 7515 Section 2:
// https://datatracker.ietf.org/doc/html/rfc7517#section-1.1
// https://datatracker.ietf.org/doc/html/rfc7515#section-2
//
// Every trailing '=' is removed, however many there are, so a value made up only of padding decodes to an
// empty slice with a nil error. Callers that build key material from the result should validate the
// decoded bytes themselves.
func base64urlTrailingPadding(s string) ([]byte, error) {
	unpadded := strings.TrimRight(s, "=")
	decoded, err := base64.RawURLEncoding.DecodeString(unpadded)
	return decoded, err
}
    42  
