Add inspection of JWT access tokens

Closes #5

Add inspection of JWT access tokens
Closes #5
342b7433 · Lukas Burgey · 18556600 · 342b7433
Commit 342b7433 authored Feb 28, 2019 by Lukas Burgey
--- a/main.go
+++ b/main.go
@@ -16,6 +16,7 @@ import (
 	"time"

 	api "git.scc.kit.edu/feudal/feudalSSH/api"
+	jwt "github.com/dgrijalva/jwt-go"
 	sshclient "github.com/helloyi/go-sshclient"

 	kingpin "gopkg.in/alecthomas/kingpin.v2"
@@ -273,6 +274,35 @@ func sshConnect(creds api.Credentials) {

 }

+// if the access token is a jwt we use the issuer contained in the information
+// returns empty string if unable to inpect
+func inspectAccessToken(at string) (issuerURI string) {
+	segments := strings.Split(at, ".")
+
+	if len(segments) == 3 {
+		payloadBytes, err := jwt.DecodeSegment(segments[1])
+		if err != nil {
+			return
+		}
+		var payloadBytesIndented = bytes.NewBuffer([]byte{})
+		if json.Indent(payloadBytesIndented, payloadBytes, "", "    ") == nil {
+			log.Printf("JWT access token payload: %s", payloadBytesIndented.Bytes())
+		} else {
+			log.Printf("JWT access token payload: %s", payloadBytes)
+		}
+		payload := map[string]interface{}{}
+		if err := json.Unmarshal(payloadBytes, &payload); err != nil {
+			log.Fatal(err)
+			return
+		}
+		if issuer, ok := (payload)["iss"]; ok {
+			issuerURI, ok = issuer.(string)
+			return
+		}
+	}
+	return ""
+}
+
 func main() {

 	// Parse arguments
@@ -282,8 +312,11 @@ func main() {
 		os.Exit(1)
 	}

-	log.Printf("Using issuer:       %s", *issuerURI)
 	log.Printf("Using access token: %s", *accessToken)
+	if issuer := inspectAccessToken(*accessToken); issuer != "" {
+		*issuerURI = issuer
+	}
+	log.Printf("Using issuer: %s", *issuerURI)

 	var serviceID = findServiceID()