From 6af31855635042b2f9ea723b7012c383adc2028e Mon Sep 17 00:00:00 2001 From: Mitar Date: Thu, 7 Mar 2024 13:22:07 +0100 Subject: [PATCH] fix: pass JWK for singing so that KeyID is set in JWTs --- token/jwt/jwt.go | 4 ++-- token/jwt/jwt_test.go | 12 +++++++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/token/jwt/jwt.go b/token/jwt/jwt.go index d9f825a7..dc7f96e1 100644 --- a/token/jwt/jwt.go +++ b/token/jwt/jwt.go @@ -48,9 +48,9 @@ func (j *DefaultSigner) Generate(ctx context.Context, claims MapClaims, header M switch t := key.(type) { case *jose.JSONWebKey: - return generateToken(claims, header, jose.SignatureAlgorithm(t.Algorithm), t.Key) + return generateToken(claims, header, jose.SignatureAlgorithm(t.Algorithm), t) case jose.JSONWebKey: - return generateToken(claims, header, jose.SignatureAlgorithm(t.Algorithm), t.Key) + return generateToken(claims, header, jose.SignatureAlgorithm(t.Algorithm), t) case *rsa.PrivateKey: return generateToken(claims, header, jose.RS256, t) case *ecdsa.PrivateKey: diff --git a/token/jwt/jwt_test.go b/token/jwt/jwt_test.go index b498a7e3..44392f4d 100644 --- a/token/jwt/jwt_test.go +++ b/token/jwt/jwt_test.go @@ -105,6 +105,7 @@ func TestGenerateJWT(t *testing.T) { }, resetKey: func(strategy Signer) { key = &jose.JSONWebKey{ + KeyID: "test-id", Key: gen.MustES521Key(), Algorithm: "ES512", } @@ -129,7 +130,16 @@ func TestGenerateJWT(t *testing.T) { token, sig, err := tc.strategy.Generate(context.TODO(), claims.ToMapClaims(), header) require.NoError(t, err) - require.NotNil(t, token) + require.NotEmpty(t, token) + require.NotEmpty(t, sig) + + decoded, err := tc.strategy.Decode(context.TODO(), token) + require.NoError(t, err) + require.NotNil(t, decoded) + + if k, ok := key.(*jose.JSONWebKey); ok && k.KeyID != "" { + require.Equal(t, k.KeyID, decoded.Header["kid"]) + } sig, err = tc.strategy.Validate(context.TODO(), token) require.NoError(t, err)