additional verification, better key matching
parent
f0e1a7d0e5
commit
9764aa3292
|
@ -10,7 +10,7 @@ defmodule BallsPDS.JWT do
|
|||
generate_jwk(raw_private_key)
|
||||
end
|
||||
|
||||
def generate_jwk(raw_private_key) when is_binary(raw_private_key) do
|
||||
def generate_jwk(<<raw_private_key::binary-size(32)>>) do
|
||||
public_key = :crypto.generate_key(:eddsa, :ed25519, raw_private_key) |> elem(0)
|
||||
|
||||
%{
|
||||
|
@ -91,11 +91,18 @@ defmodule BallsPDS.JWT do
|
|||
public_jwk = Map.drop(jwk, ["d"])
|
||||
signer = Joken.Signer.create("EdDSA", public_jwk)
|
||||
|
||||
Logger.debug("KID: #{get_kid(jwt)}")
|
||||
|
||||
case Joken.verify_and_validate(public_jwk, jwt, signer) do
|
||||
{:ok, claims} -> {:ok, claims}
|
||||
{:error, reason} -> {:error, reason}
|
||||
end
|
||||
end
|
||||
|
||||
def verify_jwt(jwt, jwk, subject) when is_binary(subject) do
|
||||
case verify_jwt(jwt, jwk) do
|
||||
{:ok, claims = %{"sub" => ^subject}} -> {:ok, claims}
|
||||
{:ok, %{"sub" => _wrong_subject}} -> {:error, :wrong_subject}
|
||||
{:ok, _claims} -> {:error, :missing_subject}
|
||||
error = {:error, _} -> error
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
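Review bot: In the second hunk, `Joken.verify_and_validate(public_jwk, jwt, signer)` passes the JWK map in the position where Joken expects the token configuration (the map of claim validators). As far as these lines show, only the signature and the `sub` match in `verify_jwt/3` are checked, so an expired token would still be accepted. I would pass a real claim configuration instead, for example `Joken.verify_and_validate(claims_config, jwt, signer)`, where `claims_config` is a placeholder name for a config built with `Joken.Config.default_claims/1` or equivalent that validates at least `exp`. The head of `verify_jwt/2` lies above the hunk, so validation done elsewhere cannot be ruled out from here. Separately, `Logger.debug("KID: #{get_kid(jwt)}")` runs before verification; `get_kid` is not shown, but if it decodes the header of the unverified token, the logged value is caller-controlled and should be logged with `inspect/1` or moved after the verify succeeds.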