jdb/buffoonery
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support cases where the aud token is a list of valid audiences.

Browse Source
This commit is contained in:
Jonathan Bernard 2025-01-10 21:01:19 -06:00
parent 9f302556f6
commit 3c3edacd7c
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
buffoonery.nimble
View File

@ -1,6 +1,6 @@
# Package # Package
version = "0.4.2" version = "0.4.3"
author = "Jonathan Bernard" author = "Jonathan Bernard"
description = "Jonathan's opinionated extensions and auth layer for Jester." description = "Jonathan's opinionated extensions and auth layer for Jester."
license = "MIT" license = "MIT"

7
src/buffoonery/auth.nim
View File

@ -143,8 +143,15 @@ proc validateJWT*(ctx: ApiAuthContext, jwt: JWT) =
if jwt.claims.sub.isNone: failAuth "Missing 'sub' claim." if jwt.claims.sub.isNone: failAuth "Missing 'sub' claim."
if jwt.claims.exp.isNone: failAuth "Missing or invalid 'exp' claim." if jwt.claims.exp.isNone: failAuth "Missing or invalid 'exp' claim."
if jwt.claims["aud"].get.kind == JString:
# If the token is for a single audience, check that it is for us.
if not ctx.validAudiences.contains(jwt.claims.aud.get): if not ctx.validAudiences.contains(jwt.claims.aud.get):
failAuth "JWT is not for us (invalid audience)." failAuth "JWT is not for us (invalid audience)."
elif jwt.claims["aud"].get.kind == JArray:
# If the token is for multiple audiences, check that at least one is for us.
let auds = jwt.claims["aud"].get.getElems
if not auds.anyIt(ctx.validAudiences.contains(it.getStr)):
failAuth "JWT is not for us (invalid audience)."
let signingAlgorithm = jwt.header.alg.get let signingAlgorithm = jwt.header.alg.get