diff --git a/README.md b/README.md index fb1e415..b2171ce 100644 --- a/README.md +++ b/README.md @@ -1,40 +1,42 @@ # jwk.go + Package jwk offer useful functions to handle, fetch and cache JWT public keys from a public -JSON Web Key store (IETF RFC 7517, see: https://tools.ietf.org/html/rfc7517) +JSON Web Key store (IETF RFC 7517, see: ) This package does not currently support the whole standard, but just the slim subset needed -for working with the Auth0 Json Web Key Stores: https://auth0.com/docs/jwks +for working with the Auth0 Json Web Key Stores: ## Example + ```go package main import ( - "fmt" - "log" + "fmt" + "log" - "github.com/serjlee/jwk-go" - "gopkg.in/square/go-jose.v2/jwt" + "github.com/serjlee/jwk-go" + "github.com/go-jose/go-jose/jwt" ) func main() { - keys := jwk.JSONWebKeys{ - JWKURL: "https://{your-auth0-domain}/.well-known/jwks.json", - } - key, err := keys.GetKey(t) - if err != nil { - log.Fatal(err) - } + keys := jwk.JSONWebKeys{ + JWKURL: "https://{your-auth0-domain}/.well-known/jwks.json", + } + key, err := keys.GetKey(t) + if err != nil { + log.Fatal(err) + } // that's your public key - fmt.Println(string(key)) - // you can use an helper function to get it with PEM headers - fmt.Println(key.PEM()) - - // parse and validate token - token := "your.jwt.token" - t, err := jwt.ParseSigned(token) - if err != nil { - log.Fatal(err) - } + fmt.Println(string(key)) + // you can use an helper function to get it with PEM headers + fmt.Println(key.PEM()) + + // parse and validate token + token := "your.jwt.token" + t, err := jwt.ParseSigned(token) + if err != nil { + log.Fatal(err) + } } -``` \ No newline at end of file +``` diff --git a/go.mod b/go.mod index 0c3fca0..950165d 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,4 @@ module github.com/serjlee/jwk-go go 1.13 -require ( - github.com/go-jose/go-jose/v3 v3.0.0 - github.com/pkg/errors v0.8.1 -) +require github.com/pkg/errors v0.8.1 diff --git a/go.sum b/go.sum index 5b4fb50..f29ab35 100644 --- a/go.sum 
+++ b/go.sum 
@@ -1,26 +1,2 @@ -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= -github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7 h1:0hQKqeLdqlt5iIwVOBErRisrHJAN57yOiPRQItI20fU= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= -golang.org/x/xerrors 
v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/jwk.go b/jwk.go index 78b05d6..893503d 100644 --- a/jwk.go +++ b/jwk.go @@ -25,7 +25,7 @@ // keys := jwk.JSONWebKeys{ // JWKURL: "https://{your-auth0-domain}/.well-known/jwks.json", // } -// key, err := keys.GetKey(t) +// key, err := keys.GetKey(t.Headers[0].KeyID) // if err != nil { // log.Fatal(err) // } @@ -47,7 +47,6 @@ import ( "sync" "time" - "github.com/go-jose/go-jose/v3/jwt" "github.com/pkg/errors" ) @@ -166,20 +165,15 @@ func (j *JSONWebKeys) GetKeys() (*Certs, error) { } // GetCertificate finds a matching cert for the given JWT -func (j *JSONWebKeys) GetKey(token *jwt.JSONWebToken) (Key, error) { +func (j *JSONWebKeys) GetKey(keyId string) (Key, error) { var cert Key certs, err := j.GetKeys() if err != nil { return cert, err } - for _, h := range token.Headers { - if key, ok := certs.Keys[h.KeyID]; ok { - cert = key - } - } - - if cert.Empty() { + var ok bool + if cert, ok = certs.Keys[keyId]; !ok { return cert, errors.New("Unable to find the appropriate key.") } diff --git a/jwk_test.go b/jwk_test.go index ce10293..9a267d1 100644 --- a/jwk_test.go +++ b/jwk_test.go @@ -6,9 +6,6 @@ import ( "testing" "time" - jose "github.com/go-jose/go-jose/v3" - "github.com/go-jose/go-jose/v3/jwt" - "github.com/pkg/errors" ) 
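Review bot: The package doc example in jwk.go now passes `t.Headers[0].KeyID`, but it does not say that this value is read from the token header before any signature has been checked. It is caller-controlled input that only selects a key, so a one-line comment above the call would help: `// KeyID comes from the unverified header; it only picks a key from the trusted JWKS, the signature must still be verified with that key`. The README example touched in this same commit still shows `keys.GetKey(t)`, which no longer matches the new string parameter.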
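Review bot: GetKey in jwk.go no longer rejects an empty key, because the old `cert.Empty()` test is replaced by the map's `ok` flag alone. An entry that exists in `certs.Keys` but holds no key material now passes the check and is presumably returned as a success, although the return path lies outside the hunk. Keeping both conditions preserves the earlier guarantee: `if cert, ok = certs.Keys[keyId]; !ok || cert.Empty() {`. The doc comment above the function still reads "GetCertificate finds a matching cert for the given JWT" and should become `// GetKey returns the key whose ID matches keyID.`, with the parameter spelled `keyID` per Go initialism style.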
@@ -148,9 +145,10 @@ func TestGetKey(t *testing.T) { } j := JSONWebKeys{cachedCerts: testCerts} - token := jwt.JSONWebToken{Headers: []jose.Header{jose.Header{KeyID: testKid}}} - - key, err := j.GetKey(&token) + key, err := j.GetKey(testKid) + if err != nil { + t.Fatal(err) + } if key.PEM() != withPEMHeaders(testX5c) { t.Fatal(errors.New("token mismatch")) }
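Review bot: TestGetKey only exercises the hit path after this change, so nothing asserts that an unknown or empty key ID is rejected. That is the branch the rewritten lookup in GetKey changed. A negative case after the PEM check would cover it, for example `if _, err := j.GetKey("missing-kid"); err == nil { t.Fatal("expected error for unknown kid") }`. The test body starts before this hunk, so `testCerts` and `testKid` are assumed to be set up as before.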