auth0 · sergiught · Jan 6, 2022 · Jan 6, 2022
@@ -2,7 +2,7 @@
 
 .PHONY: test
 test: ## Run tests.
-	go test -cover -covermode=atomic -coverprofile=coverage.out ./...
+	go test -race -cover -covermode=atomic -coverprofile=coverage.out ./...
 
 .PHONY: lint
 lint: ## Run golangci-lint.

@@ -48,7 +48,9 @@ func main() {
 
 	// We want this struct to be filled in with
 	// our custom claims from the token.
-	customClaims := &CustomClaimsExample{}
+	customClaims := func() validator.CustomClaims {
+		return &CustomClaimsExample{}
+	}
 
 	// Set up the validator.
 	jwtValidator, err := validator.New(

@@ -44,6 +44,8 @@ func Test_AuthHeaderTokenExtractor(t *testing.T) {
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
+			t.Parallel()
+
 			gotToken, err := AuthHeaderTokenExtractor(testCase.request)
 			if testCase.wantError != "" {
 				assert.EqualError(t, err, testCase.wantError)
@@ -96,6 +98,8 @@ func Test_CookieTokenExtractor(t *testing.T) {
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
+			t.Parallel()
+
 			request, err := http.NewRequest(http.MethodGet, "https://example.com", nil)
 			require.NoError(t, err)
 

@@ -51,6 +51,7 @@ func Test_CheckJWT(t *testing.T) {
 			name:           "it can successfully validate a token",
 			validateToken:  jwtValidator.ValidateToken,
 			token:          validToken,
+			method:         http.MethodGet,
 			wantToken:      tokenClaims,
 			wantStatusCode: http.StatusOK,
 			wantBody:       `{"message":"Authenticated."}`,
@@ -67,19 +68,22 @@ func Test_CheckJWT(t *testing.T) {
 		{
 			name:           "it fails to validate a token with a bad format",
 			token:          "bad",
+			method:         http.MethodGet,
 			wantStatusCode: http.StatusInternalServerError,
 			wantBody:       `{"message":"Something went wrong while checking the JWT."}`,
 		},
 		{
 			name:           "it fails to validate if token is missing and credentials are not optional",
 			token:          "",
+			method:         http.MethodGet,
 			wantStatusCode: http.StatusBadRequest,
 			wantBody:       `{"message":"JWT is missing."}`,
 		},
 		{
 			name:           "it fails to validate an invalid token",
 			validateToken:  jwtValidator.ValidateToken,
 			token:          invalidToken,
+			method:         http.MethodGet,
 			wantStatusCode: http.StatusUnauthorized,
 			wantBody:       `{"message":"JWT is invalid."}`,
 		},
@@ -100,6 +104,7 @@ func Test_CheckJWT(t *testing.T) {
 					return "", errors.New("token extractor error")
 				}),
 			},
+			method:         http.MethodGet,
 			wantStatusCode: http.StatusInternalServerError,
 			wantBody:       `{"message":"Something went wrong while checking the JWT."}`,
 		},
@@ -111,6 +116,7 @@ func Test_CheckJWT(t *testing.T) {
 					return "", nil
 				}),
 			},
+			method:         http.MethodGet,
 			wantStatusCode: http.StatusOK,
 			wantBody:       `{"message":"Authenticated."}`,
 		},
@@ -123,16 +129,15 @@ func Test_CheckJWT(t *testing.T) {
 					return "", nil
 				}),
 			},
+			method:         http.MethodGet,
 			wantStatusCode: http.StatusBadRequest,
 			wantBody:       `{"message":"JWT is missing."}`,
 		},
 	}
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			if testCase.method == "" {
-				testCase.method = http.MethodGet
-			}
+			t.Parallel()
 
 			middleware := New(testCase.validateToken, testCase.options...)
 

@@ -21,8 +21,8 @@ func WithAllowedClockSkew(skew time.Duration) Option {
 // CustomClaims that will be unmarshalled into and on which
 // Validate is called on for custom validation. If this option
 // is not used the Validator will do nothing for custom claims.
-func WithCustomClaims(c CustomClaims) Option {
+func WithCustomClaims(f func() CustomClaims) Option {
 	return func(v *Validator) {
-		v.customClaims = c
+		v.customClaims = f
 	}
 }
@@ -31,7 +31,7 @@ type Validator struct {
 	keyFunc            func(context.Context) (interface{}, error) // Required.
 	signatureAlgorithm SignatureAlgorithm                         // Required.
 	expectedClaims     jwt.Expected                               // Internal.
-	customClaims       CustomClaims                               // Optional.
+	customClaims       func() CustomClaims                        // Optional.
 	allowedClockSkew   time.Duration                              // Optional.
 }
 
@@ -114,16 +114,17 @@ func (v *Validator) ValidateToken(ctx context.Context, tokenString string) (inte
 
 	claimDest := []interface{}{&jwt.Claims{}}
 	if v.customClaims != nil {
-		claimDest = append(claimDest, v.customClaims)
+		claimDest = append(claimDest, v.customClaims())
 	}
 
 	if err = token.Claims(key, claimDest...); err != nil {
 		return nil, fmt.Errorf("could not get token claims: %w", err)
 	}
 
 	registeredClaims := *claimDest[0].(*jwt.Claims)
-	v.expectedClaims.Time = time.Now()
-	if err = registeredClaims.ValidateWithLeeway(v.expectedClaims, v.allowedClockSkew); err != nil {
+	expectedClaims := v.expectedClaims
+	expectedClaims.Time = time.Now()
+	if err = registeredClaims.ValidateWithLeeway(expectedClaims, v.allowedClockSkew); err != nil {
 		return nil, fmt.Errorf("expected claims not validated: %w", err)
 	}
 

@@ -30,7 +30,7 @@ func TestValidator_ValidateToken(t *testing.T) {
 		token          string
 		keyFunc        func(context.Context) (interface{}, error)
 		algorithm      SignatureAlgorithm
-		customClaims   CustomClaims
+		customClaims   func() CustomClaims
 		expectedError  error
 		expectedClaims *ValidatedClaims
 	}{
@@ -40,6 +40,7 @@ func TestValidator_ValidateToken(t *testing.T) {
 			keyFunc: func(context.Context) (interface{}, error) {
 				return []byte("secret"), nil
 			},
+			algorithm: HS256,
 			expectedClaims: &ValidatedClaims{
 				RegisteredClaims: RegisteredClaims{
 					Issuer:   issuer,
@@ -54,7 +55,10 @@ func TestValidator_ValidateToken(t *testing.T) {
 			keyFunc: func(context.Context) (interface{}, error) {
 				return []byte("secret"), nil
 			},
-			customClaims: &testClaims{},
+			algorithm: HS256,
+			customClaims: func() CustomClaims {
+				return &testClaims{}
+			},
 			expectedClaims: &ValidatedClaims{
 				RegisteredClaims: RegisteredClaims{
 					Issuer:   issuer,
@@ -81,6 +85,7 @@ func TestValidator_ValidateToken(t *testing.T) {
 			keyFunc: func(context.Context) (interface{}, error) {
 				return []byte("secret"), nil
 			},
+			algorithm:     HS256,
 			expectedError: errors.New("could not parse the token: square/go-jose: compact JWS format must have three parts"),
 		},
 		{
@@ -89,6 +94,7 @@ func TestValidator_ValidateToken(t *testing.T) {
 			keyFunc: func(context.Context) (interface{}, error) {
 				return nil, errors.New("key func error message")
 			},
+			algorithm:     HS256,
 			expectedError: errors.New("error getting the keys from the key func: key func error message"),
 		},
 		{
@@ -97,6 +103,7 @@ func TestValidator_ValidateToken(t *testing.T) {
 			keyFunc: func(context.Context) (interface{}, error) {
 				return []byte("secret"), nil
 			},
+			algorithm:     HS256,
 			expectedError: errors.New("could not get token claims: square/go-jose: error in cryptographic primitive"),
 		},
 		{
@@ -105,6 +112,7 @@ func TestValidator_ValidateToken(t *testing.T) {
 			keyFunc: func(context.Context) (interface{}, error) {
 				return []byte("secret"), nil
 			},
+			algorithm:     HS256,
 			expectedError: errors.New("expected claims not validated: square/go-jose/jwt: validation failed, invalid audience claim (aud)"),
 		},
 		{
@@ -113,18 +121,19 @@ func TestValidator_ValidateToken(t *testing.T) {
 			keyFunc: func(context.Context) (interface{}, error) {
 				return []byte("secret"), nil
 			},
-			customClaims: &testClaims{
-				ReturnError: errors.New("custom claims error message"),
+			algorithm: HS256,
+			customClaims: func() CustomClaims {
+				return &testClaims{
+					ReturnError: errors.New("custom claims error message"),
+				}
 			},
 			expectedError: errors.New("custom claims not validated: custom claims error message"),
 		},
 	}
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			if testCase.algorithm == "" {
-				testCase.algorithm = HS256
-			}
+			t.Parallel()
 
 			validator, err := New(
 				testCase.keyFunc,