fix: capture aud in JWTVerifyToken
parent
7616d9f7c9
commit
9e170bae0d
|
@ -127,9 +127,13 @@ func AuthMiddleware(options AuthMiddlewareOptions) func(http.Handler) http.Handl
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var audList jwt.ClaimStrings
|
||||||
|
|
||||||
claim, err := account.JWTVerifyToken(authToken, domain, options.Identity, func(claim *jwt.RegisteredClaims) error {
|
claim, err := account.JWTVerifyToken(authToken, domain, options.Identity, func(claim *jwt.RegisteredClaims) error {
|
||||||
aud, _ := claim.GetAudience()
|
aud, _ := claim.GetAudience()
|
||||||
|
|
||||||
|
audList = aud
|
||||||
|
|
||||||
if options.Purpose != account.JWTPurposeNone && jwtPurposeEqual(aud, options.Purpose) == false {
|
if options.Purpose != account.JWTPurposeNone && jwtPurposeEqual(aud, options.Purpose) == false {
|
||||||
return account.ErrJWTInvalid
|
return account.ErrJWTInvalid
|
||||||
}
|
}
|
||||||
|
@ -143,7 +147,7 @@ func AuthMiddleware(options AuthMiddlewareOptions) func(http.Handler) http.Handl
|
||||||
unauthorized = false
|
unauthorized = false
|
||||||
}
|
}
|
||||||
|
|
||||||
if unauthorized && jwtPurposeEqual(claim.Audience, options.Purpose) == true {
|
if unauthorized && jwtPurposeEqual(audList, options.Purpose) == true {
|
||||||
http.Error(w, err.Error(), http.StatusUnauthorized)
|
http.Error(w, err.Error(), http.StatusUnauthorized)
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
|
|
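Review bot: The 401 near the end of the second hunk now depends on `audList`, which is assigned only inside the callback passed to `account.JWTVerifyToken`, so it stays nil whenever verification fails before the callback runs (the order of the checks inside JWTVerifyToken is not visible here). In that case `jwtPurposeEqual(audList, options.Purpose)` presumably returns false and the handler reaches `return` without writing a status in the visible lines, which net/http sends as an empty 200. If no response is written earlier in AuthMiddleware, make the rejection unconditional, e.g. `if unauthorized { http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized); return }`, which also stops echoing `err.Error()` to the client. If the audience gate is intentional, a comment should say so and state that `audList` may come from a token that failed verification, so it must never feed an allow decision. The body of AuthMiddleware starts and ends outside both hunks.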