fix: pass JWK for singing so that KeyID is set in JWTs (#799)
mitar authored Sep 16, 2024
1 parent aa7c79e commit 11cc702
Showing 2 changed files with 13 additions and 3 deletions.
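--- a/token/jwt/jwt.go
+++ b/token/jwt/jwt.go
@@ -48,9 +48,9 @@ func (j *DefaultSigner) Generate(ctx context.Context, claims MapClaims, header M
 
 switch t := key.(type) {
 case *jose.JSONWebKey:
-return generateToken(claims, header, jose.SignatureAlgorithm(t.Algorithm), t.Key)
+return generateToken(claims, header, jose.SignatureAlgorithm(t.Algorithm), t)
 case jose.JSONWebKey:
-return generateToken(claims, header, jose.SignatureAlgorithm(t.Algorithm), t.Key)
+return generateToken(claims, header, jose.SignatureAlgorithm(t.Algorithm), t)
 case *rsa.PrivateKey:
 return generateToken(claims, header, jose.RS256, t)
 case *ecdsa.PrivateKey: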
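Review bot: Nothing at the two `jose.JSONWebKey` cases records why the whole JWK is handed to `generateToken` instead of `t.Key`, so a later cleanup could revert it and silently drop the `kid` header that verifiers rely on to select a key during rotation. I would add `// Pass the JWK itself, not t.Key, so that its KeyID ends up in the "kid" header.` above the first changed return. The `*rsa.PrivateKey` and `*ecdsa.PrivateKey` branches still sign with a bare key and so carry no key identifier, which is worth stating in the doc comment of `Generate`. `t.Algorithm` is also cast to `jose.SignatureAlgorithm` unchecked; whether an empty or unexpected value is rejected cannot be seen here, because `generateToken` and the rest of `Generate` lie outside the hunk.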
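--- a/token/jwt/jwt_test.go
+++ b/token/jwt/jwt_test.go
@@ -105,6 +105,7 @@ func TestGenerateJWT(t *testing.T) {
 },
 resetKey: func(strategy Signer) {
 key = &jose.JSONWebKey{
+KeyID: "test-id",
 Key: gen.MustES521Key(),
 Algorithm: "ES512",
 }
@@ -129,7 +130,16 @@ func TestGenerateJWT(t *testing.T) {
 
 token, sig, err := tc.strategy.Generate(context.TODO(), claims.ToMapClaims(), header)
 require.NoError(t, err)
-require.NotNil(t, token)
+require.NotEmpty(t, token)
+require.NotEmpty(t, sig)
+
+decoded, err := tc.strategy.Decode(context.TODO(), token)
+require.NoError(t, err)
+require.NotNil(t, decoded)
+
+if k, ok := key.(*jose.JSONWebKey); ok && k.KeyID != "" {
+require.Equal(t, k.KeyID, decoded.Header["kid"])
+}
 
 sig, err = tc.strategy.Validate(context.TODO(), token)
 require.NoError(t, err)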
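Review bot: The `kid` assertion in the second hunk only runs when `key` is a `*jose.JSONWebKey` with a non-empty `KeyID`, so the value-type `jose.JSONWebKey` branch that the same commit changes in jwt.go is not covered by it as far as these hunks show. The guard also skips silently, so a table case that loses its `KeyID` would still pass. I would add a case that uses a non-pointer JWK and turn the guard into a type switch with a second arm, `case jose.JSONWebKey: require.Equal(t, k.KeyID, decoded.Header["kid"])`. Asserting that the raw-key cases produce no `kid` entry would pin the header contents in both directions. The rest of `TestGenerateJWT`, including the other table entries, is outside the hunks.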
