Refactor jwt.StandardClaims to RegisteredClaims (#18344)
* Refactor jwt.StandardClaims to RegisteredClaims go-jwt/jwt has deprecated the StandardClaims interface to use RegisteredClaims instead. This PR migrates to use this new format. Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Gusted <williamzijl7@hotmail.com>
This commit is contained in:
zeripath
GitHub
parent
54e9ee37a7
commit
44deae8f3d
5 changed files with 19 additions and 27 deletions
|
|
@ -149,9 +149,8 @@ func newAccessTokenResponse(grant *auth.OAuth2Grant, serverKey, clientKey oauth2
|
|||
accessToken := &oauth2.Token{
|
||||
GrantID: grant.ID,
|
||||
Type: oauth2.TypeAccessToken,
|
||||
// FIXME: Migrate to RegisteredClaims
|
||||
StandardClaims: jwt.StandardClaims{ //nolint
|
||||
ExpiresAt: expirationDate.AsTime().Unix(),
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(expirationDate.AsTime()),
|
||||
},
|
||||
}
|
||||
signedAccessToken, err := accessToken.SignToken(serverKey)
|
||||
|
|
@ -163,14 +162,13 @@ func newAccessTokenResponse(grant *auth.OAuth2Grant, serverKey, clientKey oauth2
|
|||
}
|
||||
|
||||
// generate refresh token to request an access token after it expired later
|
||||
refreshExpirationDate := timeutil.TimeStampNow().Add(setting.OAuth2.RefreshTokenExpirationTime * 60 * 60).AsTime().Unix()
|
||||
refreshExpirationDate := timeutil.TimeStampNow().Add(setting.OAuth2.RefreshTokenExpirationTime * 60 * 60).AsTime()
|
||||
refreshToken := &oauth2.Token{
|
||||
GrantID: grant.ID,
|
||||
Counter: grant.Counter,
|
||||
Type: oauth2.TypeRefreshToken,
|
||||
// FIXME: Migrate to RegisteredClaims
|
||||
StandardClaims: jwt.StandardClaims{ // nolint
|
||||
ExpiresAt: refreshExpirationDate,
|
||||
RegisteredClaims: jwt.RegisteredClaims{ // nolint
|
||||
ExpiresAt: jwt.NewNumericDate(refreshExpirationDate),
|
||||
},
|
||||
}
|
||||
signedRefreshToken, err := refreshToken.SignToken(serverKey)
|
||||
|
|
@ -207,11 +205,10 @@ func newAccessTokenResponse(grant *auth.OAuth2Grant, serverKey, clientKey oauth2
|
|||
}
|
||||
|
||||
idToken := &oauth2.OIDCToken{
|
||||
// FIXME: migrate to RegisteredClaims
|
||||
StandardClaims: jwt.StandardClaims{ //nolint
|
||||
ExpiresAt: expirationDate.AsTime().Unix(),
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(expirationDate.AsTime()),
|
||||
Issuer: setting.AppURL,
|
||||
Audience: app.ClientID,
|
||||
Audience: []string{app.ClientID},
|
||||
Subject: fmt.Sprint(grant.UserID),
|
||||
},
|
||||
Nonce: grant.Nonce,
|
||||
|
|
@ -329,8 +326,7 @@ func IntrospectOAuth(ctx *context.Context) {
|
|||
var response struct {
|
||||
Active bool `json:"active"`
|
||||
Scope string `json:"scope,omitempty"`
|
||||
// FIXME: Migrate to RegisteredClaims
|
||||
jwt.StandardClaims //nolint
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
|
||||
form := web.GetForm(ctx).(*forms.IntrospectTokenForm)
|
||||
|
|
@ -344,7 +340,7 @@ func IntrospectOAuth(ctx *context.Context) {
|
|||
response.Active = true
|
||||
response.Scope = grant.Scope
|
||||
response.Issuer = setting.AppURL
|
||||
response.Audience = app.ClientID
|
||||
response.Audience = []string{app.ClientID}
|
||||
response.Subject = fmt.Sprint(grant.UserID)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue