From 5665b81d92f2d5b25a57a999f04742ca92cf3964 Mon Sep 17 00:00:00 2001
From: kpacha
Date: Tue, 2 Apr 2024 19:37:54 +0200
Subject: [PATCH 1/2] accept a configurable leeway for the token validation
---
 go.mod | 2 +-
 go.sum | 4 ++--
 jose.go | 9 ++++++++-
 jws.go | 1 +
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/go.mod b/go.mod
index 47d3ac4..d433595 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.17
 require (
 github.com/gin-gonic/gin v1.8.2
- github.com/krakend/go-auth0 v1.0.0
+ github.com/krakend/go-auth0 v1.0.1-0.20240402170634-a8ab0691698c
 github.com/luraproject/lura/v2 v2.0.5
 gocloud.dev v0.28.0
 gocloud.dev/secrets/hashivault v0.28.0
diff --git a/go.sum b/go.sum
index c8dcc38..33e4082 100644
--- a/go.sum
+++ b/go.sum
@@ -1370,8 +1370,8 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/krakend/go-auth0 v1.0.0 h1:dewhsVnquDStTXaRY5OOCL+i4oe+qKbDpaNz9D6Kzuk= -github.com/krakend/go-auth0 v1.0.0/go.mod h1:lJtS6u8y1mai4lFcE3JC2oSDQaNo2aXexTS0cqTblZU= +github.com/krakend/go-auth0 v1.0.1-0.20240402170634-a8ab0691698c h1:zIkZq9e5aXVVuZXmZgWx8J/u/i2VAbLxEmmA5BdLhXQ= +github.com/krakend/go-auth0 v1.0.1-0.20240402170634-a8ab0691698c/go.mod h1:lJtS6u8y1mai4lFcE3JC2oSDQaNo2aXexTS0cqTblZU= github.com/krakendio/flatmap v1.1.1 h1:rGBNVpBY0pMk6cLOwerVzoKY4HELnpu0xvqB231lOCQ= github.com/krakendio/flatmap v1.1.1/go.mod h1:KBuVkiH5BcBFRa5A1HdSHDn8a8LzsyRTKZArX0vqTbo= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
diff --git a/jose.go b/jose.go
index 655401c..fed6980 100644
--- a/jose.go
+++ b/jose.go
@@ -6,6 +6,7 @@ import (
 "math"
 "net/http"
 "strings"
+ "time"
 "github.com/krakend/go-auth0"
 "github.com/luraproject/lura/v2/proxy"
@@ -51,7 +52,12 @@ func NewValidator(signatureConfig *SignatureConfig, cookieEf, headerEf Extractor
 return nil, err
 }
- return auth0.NewValidator(
+ leeway, err := time.ParseDuration(signatureConfig.Leeway)
+ if err != nil {
+ leeway = time.Second
+ }
+
+ return auth0.NewValidatorWithLeeway(
 auth0.NewConfiguration(
 sp,
 signatureConfig.Audience,
@@ -59,6 +65,7 @@ func NewValidator(signatureConfig *SignatureConfig, cookieEf, headerEf Extractor
 sa,
 ),
 te,
+ leeway,
 ), nil
 }
diff --git a/jws.go b/jws.go
index 7b791a6..12cb217 100644
--- a/jws.go
+++ b/jws.go
@@ -42,6 +42,7 @@ type SignatureConfig struct {
 ScopesMatcher string `json:"scopes_matcher,omitempty"`
 KeyIdentifyStrategy string `json:"key_identify_strategy"`
 OperationDebug bool `json:"operation_debug,omitempty"`
+ Leeway string `json:"leeway"`
 }
 type SignerConfig struct {
From ead1963fc03e76c8e33e123c339f53754a154734 Mon Sep 17 00:00:00 2001
From: kpacha
Date: Thu, 4 Apr 2024 14:30:15 +0200
Subject: [PATCH 2/2] deps version fixed
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index d433595..48e8a9b 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.17
 require (
 github.com/gin-gonic/gin v1.8.2
- github.com/krakend/go-auth0 v1.0.1-0.20240402170634-a8ab0691698c
+ github.com/krakend/go-auth0 v1.1.0
 github.com/luraproject/lura/v2 v2.0.5
 gocloud.dev v0.28.0
 gocloud.dev/secrets/hashivault v0.28.0
diff --git a/go.sum b/go.sum
index 33e4082..d0c8ca6 100644
--- a/go.sum
+++ b/go.sum
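Review bot: In the `NewValidator` hunk of jose.go (`@@ -51,7 +52,12 @@`), a `leeway` value that fails `time.ParseDuration` is silently replaced by `time.Second`, so a typo in the configuration cannot be told apart from the field being unset and the operator gets no signal that the requested tolerance is not in effect. Since the function already returns an error (`return nil, err` just above), I would apply the default only when the string is empty and return the parse error otherwise. The parsed value is also handed to `auth0.NewValidatorWithLeeway` (third hunk, `+ leeway,`) with no range check: a negative duration parses successfully, and a very large one presumably widens the window in which an expired token is still accepted, so rejecting negatives and capping or logging large values at start-up is worth considering; how the validator treats a negative leeway is not visible here. The body of `NewValidator` starts and ends outside these hunks.

```go
	// Default only when "leeway" is not configured; a malformed value is a
	// configuration error and should surface at start-up instead of becoming 1s.
	leeway := time.Second
	if signatureConfig.Leeway != "" {
		d, err := time.ParseDuration(signatureConfig.Leeway)
		if err != nil {
			return nil, err
		}
		leeway = d
	}

	return auth0.NewValidatorWithLeeway(
	// … unchanged: auth0.NewConfiguration(...), te, leeway …
```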
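Review bot: The new `Leeway` field in `SignatureConfig` (jws.go, `@@ -42,6 +42,7 @@`) is undocumented, and nothing on the struct says which format it takes or what happens when it is absent. A comment such as `// Leeway is the tolerance used for token validation, written as a time.ParseDuration string (for example "5s"); NewValidator falls back to 1s when it is empty or cannot be parsed.` would save readers a trip to jose.go. As a style point, the neighbouring optional fields use `omitempty` while the tag here is `json:"leeway"`; if the field is meant to be optional, `json:"leeway,omitempty"` would match them. The struct declaration starts outside the hunk.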
@@ -1370,8 +1370,8 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/krakend/go-auth0 v1.0.1-0.20240402170634-a8ab0691698c h1:zIkZq9e5aXVVuZXmZgWx8J/u/i2VAbLxEmmA5BdLhXQ= -github.com/krakend/go-auth0 v1.0.1-0.20240402170634-a8ab0691698c/go.mod h1:lJtS6u8y1mai4lFcE3JC2oSDQaNo2aXexTS0cqTblZU= +github.com/krakend/go-auth0 v1.1.0 h1:3/OUeVB5vu94tZgU8gzO4gv1W0tV3/kmPSaEXQodYsM= +github.com/krakend/go-auth0 v1.1.0/go.mod h1:lJtS6u8y1mai4lFcE3JC2oSDQaNo2aXexTS0cqTblZU= github.com/krakendio/flatmap v1.1.1 h1:rGBNVpBY0pMk6cLOwerVzoKY4HELnpu0xvqB231lOCQ= github.com/krakendio/flatmap v1.1.1/go.mod h1:KBuVkiH5BcBFRa5A1HdSHDn8a8LzsyRTKZArX0vqTbo= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=