moved ValidateTokenSignature to jwk and added tests

This commit is contained in:
Gani Georgiev
2025-10-19 18:18:24 +03:00
parent 0b6157e1cc
commit 0bd712752f
4 changed files with 158 additions and 42 deletions


@@ -4,8 +4,10 @@ import (
"context"
"encoding/json"
"errors"
"fmt"
"github.com/golang-jwt/jwt/v5"
"github.com/pocketbase/pocketbase/tools/auth/internal/jwk"
"github.com/pocketbase/pocketbase/tools/types"
"github.com/spf13/cast"
"golang.org/x/oauth2"
@@ -108,10 +110,10 @@ func (p *Apple) parseAndVerifyIdToken(idToken string) (jwt.MapClaims, error) {
return nil, errors.New("empty id_token")
}
// extract the token header params and claims
// extract the token claims
// ---
claims := jwt.MapClaims{}
t, _, err := jwt.NewParser().ParseUnverified(idToken, claims)
_, _, err := jwt.NewParser().ParseUnverified(idToken, claims)
if err != nil {
return nil, err
}
@@ -136,10 +138,9 @@ func (p *Apple) parseAndVerifyIdToken(idToken string) (jwt.MapClaims, error) {
// the token which is a result of direct TLS communication with the provider
// (see also https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation)
// ---
kid, _ := t.Header["kid"].(string)
err = validateIdTokenSignature(p.ctx, idToken, p.jwksURL, kid)
err = jwk.ValidateTokenSignature(p.ctx, idToken, p.jwksURL)
if err != nil {
return nil, err
return nil, fmt.Errorf("id_token validation failed: %w", err)
}
return claims, nil
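Review bot: The new call `err = jwk.ValidateTokenSignature(p.ctx, idToken, p.jwksURL)` drops the `kid` the old code read from the token header, so key selection and algorithm acceptance now live entirely inside jwk, which this hunk does not show. Confirm that function picks the JWKS key by the token's `kid` and accepts only the asymmetric algorithm the provider is expected to use (rejecting `none` and symmetric algorithms), and record the contract here with a comment such as `// key lookup by "kid" and alg checks are performed by jwk.ValidateTokenSignature`. The `%w`-wrapped error on the next line carries the underlying JWKS fetch/verify message to the caller; if that error is ever written into the OAuth2 HTTP response, consider logging it and returning a generic failure so internal URLs or parse details are not echoed to the client. Lines between the two hunks are not shown and may already consume the `claims` populated by `ParseUnverified` in the first hunk before the signature is checked here, which is worth confirming. parseAndVerifyIdToken's body continues outside the hunk.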