fix: capture aud in JWTVerifyToken

This commit is contained in:
Derrick Hammer 2024-03-20 14:13:59 -04:00
parent 7616d9f7c9
commit 9e170bae0d
Signed by: pcfreak30
GPG Key ID: C997C339BE476FF2
1 changed files with 5 additions and 1 deletions

View File

@ -127,9 +127,13 @@ func AuthMiddleware(options AuthMiddlewareOptions) func(http.Handler) http.Handl
return return
} }
var audList jwt.ClaimStrings
claim, err := account.JWTVerifyToken(authToken, domain, options.Identity, func(claim *jwt.RegisteredClaims) error { claim, err := account.JWTVerifyToken(authToken, domain, options.Identity, func(claim *jwt.RegisteredClaims) error {
aud, _ := claim.GetAudience() aud, _ := claim.GetAudience()
audList = aud
if options.Purpose != account.JWTPurposeNone && jwtPurposeEqual(aud, options.Purpose) == false { if options.Purpose != account.JWTPurposeNone && jwtPurposeEqual(aud, options.Purpose) == false {
return account.ErrJWTInvalid return account.ErrJWTInvalid
} }
@ -143,7 +147,7 @@ func AuthMiddleware(options AuthMiddlewareOptions) func(http.Handler) http.Handl
unauthorized = false unauthorized = false
} }
if unauthorized && jwtPurposeEqual(claim.Audience, options.Purpose) == true { if unauthorized && jwtPurposeEqual(audList, options.Purpose) == true {
http.Error(w, err.Error(), http.StatusUnauthorized) http.Error(w, err.Error(), http.StatusUnauthorized)
} }
return return