Changed router/JWKS fetch order and use JWKSKeySet for verification
davidallendj committed May 6, 2024
1 parent 9158f7e commit e120474
Showing 3 changed files with 11 additions and 16 deletions.
4 changes: 2 additions & 2 deletions cmd/boot-script-service/main.go
@@ -448,8 +448,6 @@ func main() {
}
log.Printf("Service %s started", serviceName)

router := initHandlers()

// try and fetch JWKS from issuer
if jwksURL != "" {
for i := uint64(0); i <= authRetryCount; i++ {
@@ -464,6 +462,8 @@ func main() {
}
}

router := initHandlers()

var svcOpts string
if insecure {
svcOpts = "insecure,"
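Review bot: The new position of `router := initHandlers()` after the JWKS fetch loop encodes an ordering dependency that nothing in the hunk documents. initHandlers is not visible here, but it presumably reads the verifier that fetchPublicKey sets, so a later refactor that moves the call back up would build the auth middleware around an unset verifier. I would add a comment above the call such as `// must run after the JWKS fetch: initHandlers wires the JWT verifier into the router`. It is also worth confirming what happens when jwksURL is set and every retry fails, so that the router is never built with its routes left unauthenticated. main's body starts and ends outside both hunks.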
21 changes: 8 additions & 13 deletions cmd/boot-script-service/oauth.go
@@ -24,8 +24,7 @@ import (
"net/url"
"time"

"github.com/go-chi/jwtauth/v5"
"github.com/lestrrat-go/jwx/jwa"
"github.com/OpenCHAMI/jwtauth/v5"
"github.com/lestrrat-go/jwx/jwk"
"github.com/lestrrat-go/jwx/jwt"
)
@@ -63,17 +62,13 @@ func fetchPublicKey(url string) error {
if err != nil {
return fmt.Errorf("%v", err)
}
for it := set.Iterate(context.Background()); it.Next(context.Background()); {
pair := it.Pair()
key := pair.Value.(jwk.Key)

var rawkey interface{}
if err := key.Raw(&rawkey); err != nil {
continue
}

tokenAuth = jwtauth.New(jwa.RS256.String(), nil, rawkey)
return nil
jwks, err := json.Marshal(set)
if err != nil {
return fmt.Errorf("failed to marshal JWKS: %v", err)
}
s.tokenAuth, err = jwtauth.NewKeySet(jwks)
if err != nil {
return fmt.Errorf("failed to initialize JWKS: %v", err)
}

return fmt.Errorf("failed to load public key: %v", err)
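Review bot: On the success path fetchPublicKey now falls through to the trailing `return fmt.Errorf("failed to load public key: %v", err)`, because the removed loop held the only `return nil`; once `jwtauth.NewKeySet` succeeds the caller still gets a non-nil error that wraps a nil err. Add `return nil` after the NewKeySet error check and drop or reword the trailing return, otherwise the retry loop in main will presumably treat every successful fetch as a failure. The assignment target also changed from `tokenAuth` to `s.tokenAuth`, and no `s` appears in the visible lines or in the signature shown in the hunk header, so confirm it compiles and that the middleware reads the same field. With the hard-coded RS256 gone, it is worth confirming that the key set verifier accepts only the algorithms declared on the fetched keys. The function's closing brace lies outside the hunk.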
2 changes: 1 addition & 1 deletion cmd/boot-script-service/routers.go
@@ -41,9 +41,9 @@ import (
"time"

base "github.com/Cray-HPE/hms-base"
"github.com/OpenCHAMI/jwtauth/v5"
"github.com/go-chi/chi/middleware"
"github.com/go-chi/chi/v5"
"github.com/go-chi/jwtauth/v5"
)

const (
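Review bot: The import swap to `github.com/OpenCHAMI/jwtauth/v5` changes which module verifies tokens, yet the diffstat lists only three source files and no go.mod or go.sum change. If the requirement was not added in an earlier commit the build will not resolve the fork; if it was, check that it is pinned to a reviewed tagged version rather than a branch pseudo-version, since this package is the authentication boundary. A short comment on the import, for example `// OpenCHAMI fork of go-chi/jwtauth, used for JWKS key set verification`, would tell the next reader why the upstream package was replaced (wording to be confirmed against the fork's actual differences).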
