Skip to content

Commit

Permalink
sevensolutions#6: Fix token validation.
Browse files Browse the repository at this point in the history
  • Loading branch information
@sevensolutions @WhySoBad
sevensolutions authored and WhySoBad committed Sep 28, 2024
1 parent 8dad1d5 commit 0b16846
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions oidc.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -225,25 +225,25 @@ func validateToken(oidcAuth *TraefikOidcAuth, tokenString string) (bool, *jwt.Ma
return false, nil, err
}

parser := jwt.NewParser()
parser := jwt.NewParser(
jwt.WithIssuer(oidcAuth.Config.Provider.Url),
jwt.WithExpirationRequired(),
)

_, err = parser.ParseWithClaims(tokenString, &claims, oidcAuth.Jwks.Keyfunc)
_, err = parser.ParseWithClaims(tokenString, claims, oidcAuth.Jwks.Keyfunc)

if err != nil {
err := oidcAuth.Jwks.EnsureLoaded(oidcAuth, true)
if err != nil {
return false, nil, err
}

_, err = parser.ParseWithClaims(tokenString, &claims, oidcAuth.Jwks.Keyfunc)
_, err = parser.ParseWithClaims(tokenString, claims, oidcAuth.Jwks.Keyfunc)

if err != nil {
return false, nil, err
}
}

// TODO: Remove this. I don't know why, but ParseWithClaims() isn't returning claims
_, _, err = parser.ParseUnverified(tokenString, claims)

return true, &claims, nil
}

0 comments on commit 0b16846

Please sign in to comment.