Commit 342b7433 authored by Lukas Burgey's avatar Lukas Burgey

Add inspection of JWT access tokens

Closes #5
parent 18556600
......@@ -16,6 +16,7 @@ import (
"time"
api "git.scc.kit.edu/feudal/feudalSSH/api"
jwt "github.com/dgrijalva/jwt-go"
sshclient "github.com/helloyi/go-sshclient"
kingpin "gopkg.in/alecthomas/kingpin.v2"
......@@ -273,6 +274,35 @@ func sshConnect(creds api.Credentials) {
}
// if the access token is a jwt we use the issuer contained in the information
// returns empty string if unable to inpect
func inspectAccessToken(at string) (issuerURI string) {
segments := strings.Split(at, ".")
if len(segments) == 3 {
payloadBytes, err := jwt.DecodeSegment(segments[1])
if err != nil {
return
}
var payloadBytesIndented = bytes.NewBuffer([]byte{})
if json.Indent(payloadBytesIndented, payloadBytes, "", " ") == nil {
log.Printf("JWT access token payload: %s", payloadBytesIndented.Bytes())
} else {
log.Printf("JWT access token payload: %s", payloadBytes)
}
payload := map[string]interface{}{}
if err := json.Unmarshal(payloadBytes, &payload); err != nil {
log.Fatal(err)
return
}
if issuer, ok := (payload)["iss"]; ok {
issuerURI, ok = issuer.(string)
return
}
}
return ""
}
func main() {
// Parse arguments
......@@ -282,8 +312,11 @@ func main() {
os.Exit(1)
}
log.Printf("Using issuer: %s", *issuerURI)
log.Printf("Using access token: %s", *accessToken)
if issuer := inspectAccessToken(*accessToken); issuer != "" {
*issuerURI = issuer
}
log.Printf("Using issuer: %s", *issuerURI)
var serviceID = findServiceID()
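Review bot: The `iss` value that main copies into `*issuerURI` comes from a token whose signature is never checked (inspectAccessToken only runs `jwt.DecodeSegment` and `json.Unmarshal` on the payload), and it silently replaces whatever issuer the user configured. Treat the claim as a hint rather than an authority: keep an explicitly supplied issuer and only report a mismatch, e.g. `if issuer != "" && issuer != *issuerURI { log.Printf("token iss %q differs from configured issuer", issuer) }`, or accept it only when it matches an issuer the client is configured to trust. In inspectAccessToken, `log.Fatal(err)` on the `json.Unmarshal` error terminates the program for any three-segment token whose middle segment is not JSON, which contradicts the comment above the function; `return ""` there keeps the documented contract, and the `return` after `log.Fatal` is unreachable. The function also writes the whole decoded payload to the log, next to the line in main that logs the raw access token (whether that line is new is not clear from this rendering); both put credentials or personal claims into log output and would be better gated behind a debug option or reduced to the `iss` and `exp` claims. main's body continues outside the hunk.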
......