
Auth

- DecodeClaims
Alexey Kim 8 months ago
parent
commit
2a179a6863
4 changed files with 111 additions and 0 deletions
  1. 36 0
      auth/claims.go
  2. 72 0
      auth/claims_test.go
  3. 1 0
      go.mod
  4. 2 0
      go.sum

+ 36 - 0
auth/claims.go

@@ -0,0 +1,36 @@
+package auth
+
+import (
+	"github.com/Nerzal/gocloak/v13/pkg/jwx"
+	"github.com/golang-jwt/jwt/v4"
+	"github.com/mitchellh/mapstructure"
+)
+
+type Claims struct {
+	Acr            string             `mapstructure:"acr"`
+	AllowedOrigins []string           `mapstructure:"allowed-origins"`
+	Aud            string             `mapstructure:"aud"`
+	Azp            string             `mapstructure:"azp"`
+	EmailVerified  bool               `mapstructure:"email_verified"`
+	ExpiresAr      int                `mapstructure:"exp"`
+	IssuedAt       int                `mapstructure:"iat"`
+	Issuer         string             `mapstructure:"iss"`
+	Jti            string             `mapstructure:"jti"`
+	Username       string             `mapstructure:"preferred_username"`
+	RealmAccess    jwx.RealmAccess    `mapstructure:"realm_access"`
+	ResourceAccess jwx.ResourceAccess `mapstructure:"resource_access"`
+	Scope          string             `mapstructure:"scope"`
+	SessionState   string             `mapstructure:"session_state"`
+	Sid            string             `mapstructure:"sid"`
+	Sub            string             `mapstructure:"sub"`
+	Typ            string             `mapstructure:"typ"`
+}
+
+func DecodeClaims(t *jwt.Token) (*Claims, error) {
+	r := Claims{}
+	if err := mapstructure.Decode(t.Claims, &r); err != nil {
+		return nil, err
+	}
+
+	return &r, nil
+}
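Review bot: `DecodeClaims` dereferences `t.Claims` with no nil check and never looks at `t.Valid`, so a nil token panics and the claims of a token that was parsed but not verified come back looking exactly like trusted ones. Either guard at the top with `if t == nil || !t.Valid { return nil, errors.New("auth: token missing or not verified") }` (this needs the `errors` import), or add a doc comment stating that the function performs no signature, expiry, issuer or audience validation and must only be given a token that has already been verified. `Aud` is declared as `string`, but RFC 7519 allows `aud` to be an array and Keycloak emits one when a token carries several audiences; `mapstructure.Decode` will most likely return an error for such tokens, so `[]string` with weakly typed input or a decode hook is the safer shape. The exported field `ExpiresAr` looks like a typo for `ExpiresAt` and is cheapest to rename before callers depend on it.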

+ 72 - 0
auth/claims_test.go

@@ -0,0 +1,72 @@
+package auth
+
+import (
+	"context"
+	"github.com/Nerzal/gocloak/v13"
+	"github.com/Nerzal/gocloak/v13/pkg/jwx"
+	"os"
+	"reflect"
+	"testing"
+)
+
+var cli = gocloak.NewClient(os.Getenv("JWT_ISSUER"))
+
+func TestDecodeClaims(t *testing.T) {
+	tests := []struct {
+		token   string
+		realm   string
+		want    *Claims
+		wantErr bool
+	}{
+		{
+			token: "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJzTEFaZEJKUF93OHdZRWI4aDlQNmxNSTltSS1WMlNCX1JRREpmZG5Qek1JIn0.eyJleHAiOjE2OTQ0MDY4MzUsImlhdCI6MTY5NDQwNjUzNSwianRpIjoiMjMzODg1MjAtNmQ5Yi00ZTNiLTkzODItYTk5NWQ1MGZiMzI2IiwiaXNzIjoiaHR0cDovLzIwLjIxMC4xMTUuMjQ1L3JlYWxtcy8zMmE4MzQ4Ni0xNTMwLTUwN2MtYWRkNy1kOTdmNDMxNmIyOGIiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiM2U1NmQxYjMtNjBkMy00OWQxLWExNzQtZDY5Y2ZhNjI1NDE4IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibWFzdGVyIiwic2Vzc2lvbl9zdGF0ZSI6ImQxMTg2YmE2LWQyYzEtNGRiZC04MjNiLTJiODM4ZGE0OWVhMCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiIsImRlZmF1bHQtcm9sZXMtZGVtbyJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiJkMTE4NmJhNi1kMmMxLTRkYmQtODIzYi0yYjgzOGRhNDllYTAiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImJlZWpheSJ9.UGJf4utoJAUL0TzaaRwiAew_r5movdt_zrQab0wUt7kfIeV-3x8VPegeHSwKpc3Aera7RPjGjQMF4_rPgxjowMNXKPVY3kxIj0g9Mx0A80t3-iUcYuVzRYYqw0WUEDonFxWSo1i4kbuZeBv55Q3mHNYp_umKn_Fp2AzH3o1vLQoBLoX1_zj9MjljFTJtwAjHQ96AYHfO0lc-gREJFdFOSlNNvNXYlAZott_3vilhbGu0JhbpHmNgIibnNFsV444K0toa2BeMrcr-dL09FKVb0mcZt3lj5UfHF2BXDJSsrL0nUXgb7ZoBKjaGDqkvL8GFViDr7wRpiFABBBWwAQyaNA",
+			realm: "32a83486-1530-507c-add7-d97f4316b28b",
+			want: &Claims{
+				Acr:            "1",
+				AllowedOrigins: []string{"*"},
+				Aud:            "account",
+				Azp:            "master",
+				EmailVerified:  false,
+				ExpiresAr:      1694406835,
+				IssuedAt:       1694406535,
+				Issuer:         "http://20.210.115.245/realms/32a83486-1530-507c-add7-d97f4316b28b",
+				Jti:            "b489568f-5236-4c97-aa81-172cf18036bc",
+				Username:       "beejay",
+				RealmAccess: jwx.RealmAccess{
+					Roles: []string{"offline_access", "uma_authorization", "default-roles-demo"},
+				},
+				ResourceAccess: jwx.ResourceAccess{
+					Account: jwx.Account{
+						Roles: []string{"manage-account", "manage-account-links", "view-profile"},
+					},
+				},
+				Scope:        "openid email profile",
+				SessionState: "d1186ba6-d2c1-4dbd-823b-2b838da49ea0",
+				Sid:          "d1186ba6-d2c1-4dbd-823b-2b838da49ea0",
+				Sub:          "3e56d1b3-60d3-49d1-a174-d69cfa625418",
+				Typ:          "Bearer",
+			},
+			wantErr: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run("TestDecodeClaims", func(t *testing.T) {
+			token, _, err := cli.DecodeAccessToken(context.TODO(), tt.token, tt.realm)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("DecodeClaims() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			got, err := DecodeClaims(token)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("DecodeClaims() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("DecodeClaims() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
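Review bot: This test can only pass against a live Keycloak at `JWT_ISSUER` and, assuming `cli.DecodeAccessToken` validates expiry as the gocloak API suggests, only within the five-minute lifetime of the embedded token (`iat` 1694406535, `exp` 1694406835), so it will fail in CI and for every later run. The expected `Jti` (`b489568f-…`) also does not match the `jti` in the token payload, which base64-decodes to `23388520-6d9b-4e3b-9382-a995d50fb326`, so `reflect.DeepEqual` would fail even with a reachable issuer. Since `DecodeClaims` only reads `t.Claims`, the test can be made hermetic by building the input directly, e.g. `token := &jwt.Token{Claims: jwt.MapClaims{"exp": float64(1694406835), /* … */}}`, which also keeps a real bearer token, issuer address and user identifiers out of the repository. The first `t.Errorf` reports a `DecodeAccessToken` failure under the name `DecodeClaims()`, and with `wantErr: true` a nil `token` would be passed on to `DecodeClaims`; give the two steps separate messages and return after the first error.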

+ 1 - 0
go.mod

@@ -13,6 +13,7 @@ require (
 	github.com/labstack/echo-jwt/v4 v4.2.0
 	github.com/labstack/echo/v4 v4.11.1
 	github.com/mailru/easyjson v0.7.7
+	github.com/mitchellh/mapstructure v1.5.0
 	github.com/rs/zerolog v1.30.0
 	github.com/samber/lo v1.38.1
 	github.com/urfave/cli/v2 v2.25.7
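Review bot: The added `github.com/mitchellh/mapstructure v1.5.0` line puts a new direct dependency on the token-handling path for what is one `Decode` call in `auth/claims.go`. The upstream repository has since been archived by its author, with `github.com/go-viper/mapstructure/v2` as the maintained continuation, so security fixes will not land on this module path. Consider either the maintained fork or dropping the dependency by parsing into a typed claims struct with `jwt.ParseWithClaims`, which `github.com/golang-jwt/jwt/v4` already provides. The `require` block continues outside this hunk.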

+ 2 - 0
go.sum

@@ -1306,6 +1306,8 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4
 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=