Update auth_jwt plugin to use RegisteredClaims

movio · Nov 11, 2024 · c9f1ceb · c9f1ceb
1 parent 5147a41
commit c9f1ceb
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 15 deletions.
diff --git a/plugins/auth_jwt.go b/plugins/auth_jwt.go
@@ -9,6 +9,7 @@ import (
 	log "log/slog"
 	"net/http"
 	"os"
+	"strings"
 
 	"github.com/go-jose/go-jose/v4"
 	"github.com/golang-jwt/jwt/v4"
@@ -109,7 +110,7 @@ func (p *JWTPlugin) Configure(cfg *bramble.Config, data json.RawMessage) error {
 }
 
 type Claims struct {
-	jwt.StandardClaims
+	jwt.RegisteredClaims
 	Role string
 }
 
@@ -159,18 +160,18 @@ func (p *JWTPlugin) ApplyMiddlewarePublicMux(h http.Handler) http.Handler {
 
 		ctx := r.Context()
 		ctx = bramble.AddPermissionsToContext(ctx, role)
-		ctx = addStandardJWTClaimsToOutgoingRequest(ctx, claims.StandardClaims)
+		ctx = addStandardJWTClaimsToOutgoingRequest(ctx, claims.RegisteredClaims)
 		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-Role", claims.Role)
 		h.ServeHTTP(rw, r.WithContext(ctx))
 	})
 }
 
-func addStandardJWTClaimsToOutgoingRequest(ctx context.Context, claims jwt.StandardClaims) context.Context {
-	if claims.Audience != "" {
-		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-Audience", claims.Audience)
+func addStandardJWTClaimsToOutgoingRequest(ctx context.Context, claims jwt.RegisteredClaims) context.Context {
+	if len(claims.Audience) > 0 {
+		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-Audience", strings.Join(claims.Audience, ","))
 	}
-	if claims.Id != "" {
-		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-ID", claims.Id)
+	if claims.ID != "" {
+		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-ID", claims.ID)
 	}
 	if claims.Issuer != "" {
 		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-Issuer", claims.Issuer)

diff --git a/plugins/auth_jwt_test.go b/plugins/auth_jwt_test.go
@@ -69,9 +69,9 @@ func TestJWTPlugin(t *testing.T) {
 
 		token, err := jwt.NewWithClaims(jwt.SigningMethodRS256, &Claims{
 			Role: "basic_role",
-			StandardClaims: jwt.StandardClaims{
-				Audience: "test-audience",
-				Id:       "test-id",
+			RegisteredClaims: jwt.RegisteredClaims{
+				Audience: jwt.ClaimStrings{"test-audience"},
+				ID:       "test-id",
 				Issuer:   "test-issuer",
 				Subject:  "test-subject",
 			},
@@ -104,8 +104,8 @@ func TestJWTPlugin(t *testing.T) {
 		require.NoError(t, err)
 
 		token, err := jwt.NewWithClaims(jwt.SigningMethodRS256, &Claims{
-			StandardClaims: jwt.StandardClaims{
-				ExpiresAt: time.Now().Add(-1 * time.Second).Unix(),
+			RegisteredClaims: jwt.RegisteredClaims{
+				ExpiresAt: jwt.NewNumericDate(time.Now().Add(-1 * time.Second)),
 			},
 			Role: "basic_role",
 		}).SignedString(privateKey)
@@ -182,9 +182,9 @@ func TestJWTPlugin(t *testing.T) {
 
 		token := jwt.NewWithClaims(jwt.SigningMethodRS256, &Claims{
 			Role: "basic_role",
-			StandardClaims: jwt.StandardClaims{
-				Audience: "test-audience",
-				Id:       "test-id",
+			RegisteredClaims: jwt.RegisteredClaims{
+				Audience: jwt.ClaimStrings{"test-audience"},
+				ID:       "test-id",
 				Issuer:   "test-issuer",
 				Subject:  "test-subject",
 			},