From 068b5f2221dd2e83906d6d955682a50717316e5c Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Sun, 8 Dec 2024 20:32:10 +1100
Subject: [PATCH] refactor: log

---
 handler/oauth2/strategy_jwt_profile.go | 8 ++++++++
 token/jwt/header.go | 9 +++++++++
 token/jwt/jwt_strategy.go | 11 ++++++++++-
 token/jwt/jwt_strategy_opts.go | 24 ++++++++----------------
 token/jwt/util.go | 4 ++++
 5 files changed, 39 insertions(+), 17 deletions(-)

diff --git a/handler/oauth2/strategy_jwt_profile.go b/handler/oauth2/strategy_jwt_profile.go
index 1d0d105f..35463bda 100644
--- a/handler/oauth2/strategy_jwt_profile.go
+++ b/handler/oauth2/strategy_jwt_profile.go
@@ -47,11 +47,15 @@ func (s *JWTProfileCoreStrategy) GenerateAccessToken(ctx context.Context, reques
 enforce := s.Config.GetEnforceJWTProfileAccessTokens(ctx)
 
 if client, ok = requester.GetClient().(oauth2.JWTProfileClient); ok && (enforce || client.GetEnableJWTProfileOAuthAccessTokens()) {
+ fmt.Println("generate jwt with client")
 return s.GenerateJWT(ctx, oauth2.AccessToken, requester, client)
 } else if enforce {
+ fmt.Println("generate jwt without client")
 return s.GenerateJWT(ctx, oauth2.AccessToken, requester, nil)
 }
 
+ fmt.Println("generate opaque")
+
 return s.HMACCoreStrategy.GenerateAccessToken(ctx, requester)
 }
 
@@ -147,10 +151,12 @@ func (s *JWTProfileCoreStrategy) GenerateJWT(ctx context.Context, tokenType oaut
 
 if client != nil {
 if kid := client.GetAccessTokenSignedResponseKeyID(); len(kid) != 0 {
+ fmt.Printf("set default kid '%s'\n", kid)
 header.SetDefaultString(consts.JSONWebTokenHeaderKeyIdentifier, kid)
 }
 
 if alg := client.GetAccessTokenSignedResponseAlg(); len(alg) != 0 {
+ fmt.Printf("set default alg '%s'\n", alg)
 header.SetDefaultString(consts.JSONWebTokenHeaderAlgorithm, alg)
 }
 }
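Review bot: The three `fmt.Println` calls added to GenerateAccessToken, and the two `fmt.Printf` calls in the GenerateJWT hunk below it, write unconditionally to stdout on every access-token issuance and bypass whatever logger the library's callers configure, so they can neither be disabled nor routed; the same applies to the prints added in header.go, jwt_strategy.go and util.go further down. If they are meant to outlive debugging they belong behind an injected logger at debug level, otherwise they should be dropped before merge. This hunk adds no `fmt` import and the diffstat shows no insertions in this file outside the three hunks, so the file builds only if `fmt` is already imported there. Where a value is interpolated, `%q` rather than `'%s'` (e.g. `fmt.Printf("set default kid %q\n", kid)`) makes empty strings and control characters visible. Both GenerateAccessToken and GenerateJWT start outside their hunks.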
@@ -173,6 +179,8 @@ func (s *JWTProfileCoreStrategy) GenerateJWT(ctx context.Context, tokenType oaut
 
 mapClaims := claims.ToMapClaims()
 
+ fmt.Printf("requesting encode with headers %+v\n", header)
+
 return s.Strategy.Encode(ctx, mapClaims, jwt.WithHeaders(header), jwt.WithJWTProfileAccessTokenClient(client))
 }
 
diff --git a/token/jwt/header.go b/token/jwt/header.go
index 36550c13..091e2927 100644
--- a/token/jwt/header.go
+++ b/token/jwt/header.go
@@ -3,6 +3,8 @@
 
 package jwt
 
+import "fmt"
+
 // Headers is the jwt headers
 type Headers struct {
 Extra map[string]any `json:"extra"`
@@ -42,6 +44,8 @@ func (h *Headers) Get(key string) any {
 }
 
 func (h *Headers) SetDefaultString(key, value string) {
+ fmt.Printf("trying to set key '%s' to '%s'\n", key, value)
+
 if h.Extra == nil {
 h.Extra = make(map[string]any)
 }
@@ -54,14 +58,19 @@ func (h *Headers) SetDefaultString(key, value string) {
 
 if v, ok = h.Extra[key]; !ok {
 h.Extra[key] = value
+ fmt.Printf("set key '%s' to '%s'\n", key, value)
 
 return
 }
 
 if s, ok = v.(string); ok && len(s) != 0 {
+ fmt.Printf("did not set key '%s' to '%s'\n", key, value)
+
 return
 }
 
+ fmt.Printf("set key '%s' to '%s'\n", key, value)
+
 h.Extra[key] = value
 }
 
diff --git a/token/jwt/jwt_strategy.go b/token/jwt/jwt_strategy.go
index 21c54ad9..a9d43185 100644
--- a/token/jwt/jwt_strategy.go
+++ b/token/jwt/jwt_strategy.go
@@ -57,6 +57,8 @@ func (j *DefaultStrategy) Encode(ctx context.Context, claims Claims, opts ...Str
 }
 }
 
+ fmt.Printf("headers after opts %+v\n", o.headers)
+
 var (
 keySig *jose.JSONWebKey
 )
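Review bot: In the SetDefaultString hunk of header.go the same message `set key '%s' to '%s'` is emitted on two different paths — the first insertion of a missing key, and the later overwrite of an existing value that is either an empty string or not a string at all — so the trace cannot tell them apart; a distinct message on the second path, e.g. `fmt.Printf("replaced empty or non-string key %q with %q\n", key, value)`, would. The `did not set` line shows only the incoming value, not the existing `s` that won, which is the one a reader of the trace actually needs. The `import "fmt"` hunk also makes this debugging output a package-level dependency of token/jwt; if SetDefaultString keeps it, its doc comment should state that the method writes to stdout.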
@@ -65,17 +67,24 @@ func (j *DefaultStrategy) Encode(ctx context.Context, claims Claims, opts ...Str
 if keySig, err = j.Issuer.GetIssuerJWK(ctx, "", string(jose.RS256), JSONWebTokenUseSignature); err != nil {
 return "", "", errorsx.WithStack(fmt.Errorf("error occurred retrieving issuer jwk: %w", err))
 }
+
+ fmt.Printf("got jwk nil client\n")
+
 } else if keySig, err = j.Issuer.GetIssuerJWK(ctx, o.client.GetSigningKeyID(), o.client.GetSigningAlg(), JSONWebTokenUseSignature); err != nil {
 return "", "", errorsx.WithStack(fmt.Errorf("error occurred retrieving issuer jwk: %w", err))
 }
 
+ fmt.Printf("got jwk '%s' '%s' '%s'\n", keySig.KeyID, keySig.Algorithm, keySig.Use)
+
 if o.client == nil {
+ fmt.Printf("sign jwk (client nil) '%s' '%s' '%s'\n", keySig.KeyID, keySig.Algorithm, keySig.Use)
 return EncodeCompactSigned(ctx, claims, o.headers, keySig)
 }
 
 kid, alg, enc := o.client.GetEncryptionKeyID(), o.client.GetEncryptionAlg(), o.client.GetEncryptionEnc()
 
- if len(kid) == 0 && len(alg) == 0 {
+ if len(kid)+len(alg) == 0 {
+ fmt.Printf("sign jwk '%s' '%s' '%s', headers %+v\n", keySig.KeyID, keySig.Algorithm, keySig.Use, o.headers)
 return EncodeCompactSigned(ctx, claims, o.headers, keySig)
 }
 
diff --git a/token/jwt/jwt_strategy_opts.go b/token/jwt/jwt_strategy_opts.go
index e9a442c8..e6b8d8bb 100644
--- a/token/jwt/jwt_strategy_opts.go
+++ b/token/jwt/jwt_strategy_opts.go
@@ -2,7 +2,6 @@ package jwt
 
 import (
 "context"
- "github.com/go-jose/go-jose/v4"
 "github.com/go-jose/go-jose/v4/jwt"
 )
 
@@ -62,8 +61,7 @@ func WithClient(client Client) StrategyOpt {
 
 func WithIDTokenClient(client any) StrategyOpt {
 return func(opts *StrategyOpts) (err error) {
- switch c := client.(type) {
- case IDTokenClient:
+ if c, ok := client.(IDTokenClient); ok {
 opts.client = &decoratedIDTokenClient{IDTokenClient: c}
 }
 
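Review bot: `if len(kid)+len(alg) == 0 {` is equivalent to the replaced `len(kid) == 0 && len(alg) == 0` only because `len` is never negative, and it reads as arithmetic rather than as the condition it encodes; `if kid == "" && alg == "" {` states the intent directly and needs no such reasoning. The new `got jwk` and `sign jwk` lines print `keySig.KeyID`, `keySig.Algorithm` and `keySig.Use` through `'%s'`, so an empty KeyID or Algorithm — the very case such a trace would be used to diagnose — is indistinguishable from a present one; `%q` shows it. `fmt.Printf("got jwk nil client\n")` has no verbs and is better written as `fmt.Println("got jwk nil client")`. Encode starts and ends outside this hunk.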
@@ -73,8 +71,7 @@ func WithIDTokenClient(client any) StrategyOpt {
 
 func WithUserInfoClient(client any) StrategyOpt {
 return func(opts *StrategyOpts) (err error) {
- switch c := client.(type) {
- case UserInfoClient:
+ if c, ok := client.(UserInfoClient); ok {
 opts.client = &decoratedUserInfoClient{UserInfoClient: c}
 }
 
@@ -84,8 +81,7 @@ func WithUserInfoClient(client any) StrategyOpt {
 
 func WithIntrospectionClient(client any) StrategyOpt {
 return func(opts *StrategyOpts) (err error) {
- switch c := client.(type) {
- case IntrospectionClient:
+ if c, ok := client.(IntrospectionClient); ok {
 opts.client = &decoratedIntrospectionClient{IntrospectionClient: c}
 }
 
@@ -95,8 +91,7 @@ func WithIntrospectionClient(client any) StrategyOpt {
 
 func WithJARMClient(client any) StrategyOpt {
 return func(opts *StrategyOpts) (err error) {
- switch c := client.(type) {
- case JARMClient:
+ if c, ok := client.(JARMClient); ok {
 opts.client = &decoratedJARMClient{JARMClient: c}
 }
 
@@ -106,8 +101,7 @@ func WithJARMClient(client any) StrategyOpt {
 
 func WithJARClient(client any) StrategyOpt {
 return func(opts *StrategyOpts) (err error) {
- switch c := client.(type) {
- case JARClient:
+ if c, ok := client.(JARClient); ok {
 opts.client = &decoratedJARClient{JARClient: c}
 }
 
@@ -117,8 +111,7 @@ func WithJARClient(client any) StrategyOpt {
 
 func WithJWTProfileAccessTokenClient(client any) StrategyOpt {
 return func(opts *StrategyOpts) (err error) {
- switch c := client.(type) {
- case JWTProfileAccessTokenClient:
+ if c, ok := client.(JWTProfileAccessTokenClient); ok {
 opts.client = &decoratedJWTProfileAccessTokenClient{JWTProfileAccessTokenClient: c}
 }
 
@@ -128,10 +121,9 @@ func WithJWTProfileAccessTokenClient(client any) StrategyOpt {
 
 func WithStatelessJWTProfileIntrospectionClient(client any) StrategyOpt {
 return func(opts *StrategyOpts) (err error) {
- switch c := client.(type) {
- case IntrospectionClient:
+ if c, ok := client.(IntrospectionClient); ok {
 opts.client = &decoratedIntrospectionClient{IntrospectionClient: c}
- case JWTProfileAccessTokenClient:
+ } else if c, ok := client.(JWTProfileAccessTokenClient); ok {
 opts.client = &decoratedJWTProfileAccessTokenClient{JWTProfileAccessTokenClient: c}
 }
 
diff --git a/token/jwt/util.go b/token/jwt/util.go
index 20e3ccdd..389423e7 100644
--- a/token/jwt/util.go
+++ b/token/jwt/util.go
@@ -369,6 +369,10 @@ func EncodeCompactSigned(ctx context.Context, claims Claims, headers Mapper, key
 headers = &Headers{}
 }
 
+ fmt.Printf("encoding claims %+v\n", claims.ToMapClaims())
+ fmt.Printf("encoding header %+v\n", headers.ToMap())
+ fmt.Printf("encoding with key %+v\n", key)
+
 token.SetJWS(headers, claims, key.KeyID, jose.SignatureAlgorithm(key.Algorithm))
 
 return token.CompactSigned(key)
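Review bot: `fmt.Printf("encoding with key %+v\n", key)` in the util.go hunk formats the JWK that `token.CompactSigned(key)` signs with, i.e. the private signing key: for key types backed by a byte slice `%+v` writes the raw private key bytes to stdout, and for pointer-backed keys it still exposes the key's metadata, while the `encoding claims` line above it dumps every claim of the token being issued. Restrict the trace to identifiers, as the jwt_strategy.go hunk does, `fmt.Printf("encoding with key %q %q\n", key.KeyID, key.Algorithm)`, or remove the line. The hunk adds no `fmt` import and the diffstat shows exactly the 4 insertions seen here for util.go, so the file compiles only if `fmt` is already imported. EncodeCompactSigned starts and ends outside this hunk.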