fix: set jwt ID for client assertion to prevent token replay

This commit is contained in:
Trong Huu Nguyen
2021-09-30 15:38:23 +02:00
parent 2ec1b7ace9
commit 8f9cb671c6
2 changed files with 3 additions and 0 deletions


@@ -2,6 +2,7 @@ package config
import (
"encoding/json"
"github.com/google/uuid"
"github.com/nais/wonderwall/pkg/token"
"gopkg.in/square/go-jose.v2"
"time"
@@ -31,6 +32,7 @@ func (cfg *IDPorten) SignedJWTProfileAssertion(expiration time.Duration) (string
Scopes: token.ScopeOpenID,
ExpiresAt: exp.Unix(),
IssuedAt: iat.Unix(),
JwtID: uuid.New().String(),
}
payload, err := json.Marshal(jwtRequest)
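Review bot: `uuid.New()` on the added line `JwtID: uuid.New().String(),` is `Must(NewRandom())` in google/uuid, so a failure of the crypto random source panics the process inside a function that already propagates errors (the hunk header's signature ends in `(string`, and `json.Marshal`'s `err` is handled on the line below). Prefer `jti, err := uuid.NewRandom()` followed by `if err != nil { return "", err }` and `JwtID: jti.String(),`, so entropy failure surfaces as an error instead of a crash. The choice of a random v4 UUID is otherwise right: a predictable or sequential `jti` would undermine the replay protection this commit is adding, and that reasoning deserves a comment on the field, e.g. `// jti must be unique and unpredictable so the IdP can reject replayed assertions`. `SignedJWTProfileAssertion` starts and ends outside the hunk.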


@@ -20,6 +20,7 @@ type JWTTokenRequest struct {
Audience string `json:"aud"`
IssuedAt int64 `json:"iat"`
ExpiresAt int64 `json:"exp"`
JwtID string `json:"jti"`
}
type IDToken struct {
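Review bot: The new `JwtID` field is undocumented, and since it carries no `omitempty` any other constructor of `JWTTokenRequest` that forgets to set it will serialise a literal `"jti":""` rather than omitting the claim; that is arguably the safer failure (an IdP should reject it), but it is worth stating. A doc comment such as `// JwtID is the "jti" claim: a per-assertion unique, unpredictable identifier the IdP uses to detect replays. Always set it.` would make the intent explicit. The struct's opening line is in the hunk header only, so its earlier fields are outside this view.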