allow wildcard in token issuer verification

This commit is contained in:
slauth 2020-11-03 11:22:14 +01:00 committed by Дамян Минков
parent 2a01d3550c
commit 9742e90bb5
1 changed files with 13 additions and 9 deletions


@ -142,7 +142,7 @@ function Util:get_public_key(keyId)
end
--- Verifies issuer part of token
-- @param 'iss' claim from the token to verify
-- @param 'issClaim' claim from the token to verify
-- @param 'acceptedIssuers' list of issuers to check
-- @return nil and error string or true for accepted claim
function Util:verify_issuer(issClaim, acceptedIssuers)
@ -151,6 +151,10 @@ function Util:verify_issuer(issClaim, acceptedIssuers)
end
module:log("debug", "verify_issuer claim: %s against accepted: %s", issClaim, acceptedIssuers);
for i, iss in ipairs(acceptedIssuers) do
if iss == '*' then
-- "*" indicates to accept any issuer in the claims so return success
return true;
end
if issClaim == iss then
-- claim matches an accepted issuer so return success
return true;
@ -161,13 +165,13 @@ function Util:verify_issuer(issClaim, acceptedIssuers)
end
--- Verifies audience part of token
-- @param 'aud' claim from the token to verify
-- @param 'audClaim' claim from the token to verify
-- @return nil and error string or true for accepted claim
function Util:verify_audience(audClaim)
module:log("debug", "verify_audience claim: %s against accepted: %s", audClaim, self.acceptedAudiences);
for i, aud in ipairs(self.acceptedAudiences) do
if aud == '*' then
--* indicates to accept any audience in the claims so return success
-- "*" indicates to accept any audience in the claims so return success
return true;
end
if audClaim == aud then
@ -175,7 +179,7 @@ function Util:verify_audience(audClaim)
return true;
end
end
--if issClaim not found in acceptedIssuers, fail claim
-- if audClaim not found in acceptedAudiences, fail claim
return nil, "Invalid audience ('aud' claim)";
end
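Review bot: The `if iss == '*'` branch added inside the ipairs loop of verify_issuer returns true before issClaim is ever compared, so once '*' is configured a token whose 'iss' claim is absent (issClaim nil) is accepted as well — unless the guard that closes with the `end` at the top of that hunk already rejects a nil claim, which is not visible here and worth confirming; the audience loop below has no such guard in view. The LDoc block of verify_issuer in the first hunk was touched by this commit but does not document the new wildcard semantics; I would extend the parameter line to `-- @param 'acceptedIssuers' list of issuers to check; an entry of '*' accepts any issuer` and add the matching sentence to verify_audience's block for self.acceptedAudiences. A smaller point of style: the wildcard test is re-evaluated on every iteration, whereas a single `if acceptedIssuers[1] == '*'` style pre-check would make the unconditional acceptance stand out to a reader auditing the configuration. verify_issuer's body starts in the first hunk and the wildcard hunk begins mid-function.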