GitHub Repository: gitpod-io/gitpod
Path: blob/main/components/public-api-server/pkg/auth/session_jwt.go
// Copyright (c) 2023 Gitpod GmbH. All rights reserved.
// Licensed under the GNU Affero General Public License (AGPL).
// See License.AGPL.txt in the project root for license information.
package auth
import (
"fmt"
"time"
"github.com/gitpod-io/gitpod/public-api-server/pkg/jws"
"github.com/golang-jwt/jwt/v5"
"github.com/google/uuid"
)
// SessionClaims is the claim set carried by a session JWT.
//
// It embeds only jwt.RegisteredClaims, so a session token holds no custom
// claims beyond the registered ones (iss, sub, aud, exp, nbf, iat, jti).
type SessionClaims struct {
	jwt.RegisteredClaims
}
// NewSessionJWT builds an unsigned session token for subject, with RS256 as
// its signing method.
//
// The claims carry iss, sub (the UUID in string form), iat and exp taken from
// the arguments. No aud, nbf or jti claim is set, so a verifier cannot bind the
// token to an audience or tell individual tokens apart by ID. The returned
// token has no signature yet; the caller has to sign it before handing it out.
// This function does not check that expiry lies after issuedAt.
func NewSessionJWT(subject uuid.UUID, issuer string, issuedAt, expiry time.Time) *jwt.Token {
	registered := jwt.RegisteredClaims{
		Issuer:    issuer,
		Subject:   subject.String(),
		IssuedAt:  jwt.NewNumericDate(issuedAt),
		ExpiresAt: jwt.NewNumericDate(expiry),
	}
	claims := &SessionClaims{RegisteredClaims: registered}

	return jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
}
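// VerifySessionJWT checks token with verifier and returns its session claims.
//
// The token is accepted only if verifier accepts it, its iss claim equals
// expectedIssuer, and it carries an exp claim. Signature checking and the set
// of accepted signing algorithms are left to verifier.
// NOTE(review): confirm the verifier pins the algorithm to RS256, the method
// NewSessionJWT puts on the tokens it creates.
//
// The sub claim is returned as-is; it is not checked here to be non-empty or a
// well-formed UUID, so callers that parse it must handle that failure.
//
// On failure the returned claims are nil and the error wraps the verifier's
// error, or jwt.ErrTokenInvalidClaims when the parsed claims have an
// unexpected type.
func VerifySessionJWT(token string, verifier jws.Verifier, expectedIssuer string) (*SessionClaims, error) {
	parsed, err := verifier.Verify(
		token,
		&SessionClaims{},
		jwt.WithIssuer(expectedIssuer),
		// golang-jwt validates exp only when the claim is present. Requiring it
		// keeps a token minted without exp from being valid forever.
		jwt.WithExpirationRequired(),
	)
	if err != nil {
		return nil, fmt.Errorf("failed to parse jwt: %w", err)
	}

	claims, ok := parsed.Claims.(*SessionClaims)
	if !ok {
		return nil, fmt.Errorf("unknown jwt claims: %w", jwt.ErrTokenInvalidClaims)
	}

	return claims, nil
}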