Commit db00ce7b authored by Bolke de Bruin's avatar Bolke de Bruin

Verify access key as part of PAA verification

parent 93c55878
......@@ -41,8 +41,7 @@ func main() {
security.UserSigningKey = []byte(conf.Security.UserTokenSigningKey)
// set oidc config
ctx := context.Background()
provider, err := oidc.NewProvider(ctx, conf.OpenId.ProviderUrl)
provider, err := oidc.NewProvider(context.Background(), conf.OpenId.ProviderUrl)
if err != nil {
log.Fatalf("Cannot get oidc provider: %s", err)
}
......@@ -58,6 +57,8 @@ func main() {
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
security.OIDCProvider = provider
security.Oauth2Config = oauthConfig
api := &api.Config{
GatewayAddress: conf.Server.GatewayAddress,
......
......@@ -6,8 +6,10 @@ import (
"fmt"
"github.com/bolkedebruin/rdpgw/common"
"github.com/bolkedebruin/rdpgw/protocol"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/square/go-jose/v3"
"github.com/square/go-jose/v3/jwt"
"golang.org/x/oauth2"
"log"
"time"
)
......@@ -17,6 +19,8 @@ var (
EncryptionKey []byte
UserSigningKey []byte
UserEncryptionKey []byte
OIDCProvider *oidc.Provider
Oauth2Config oauth2.Config
)
var ExpiryTime time.Duration = 5
......@@ -58,6 +62,14 @@ func VerifyPAAToken(ctx context.Context, tokenString string) (bool, error) {
return false, err
}
// validate the access token
tokenSource := Oauth2Config.TokenSource(ctx, &oauth2.Token{AccessToken: custom.AccessToken})
_, err = OIDCProvider.UserInfo(ctx, tokenSource)
if err != nil {
log.Printf("Cannot get user info for access token: %s", err)
return false, err
}
s := getSessionInfo(ctx)
s.RemoteServer = custom.RemoteServer
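Review bot: The `UserInfo` result is discarded in the new validation step (`_, err = OIDCProvider.UserInfo(ctx, tokenSource)`), so the check only establishes that the embedded access token is still accepted by the provider, not that it belongs to the principal the PAA token was issued for — any live access token from the same issuer would pass. If the parsed claims carry a subject or user identifier (the `custom` struct is not visible here), keep the result and bind it before proceeding: `userInfo, err := OIDCProvider.UserInfo(ctx, tokenSource)` and then `if userInfo.Subject != custom.Subject { return false, fmt.Errorf("access token subject does not match PAA token") }`, with the field name adjusted to whatever the claims actually hold. The failed-lookup path also both logs and returns the error; returning it wrapped (`fmt.Errorf("userinfo lookup for access token: %w", err)`) and letting the caller log once avoids double reporting and keeps the token string out of the log line. VerifyPAAToken's body begins and continues outside this hunk, so the claim parsing this step relies on could not be reviewed.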
......