TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 02:54:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: decrypt of access token in token verifier (#1527)

Browse Source
This commit is contained in:
Livio Amstutz 2021-04-06 11:38:39 +02:00 committed by GitHub
parent d375ad4d49
commit a393d549fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
internal/authz/repository/eventsourcing/eventstore/token_verifier.go
View File

@ -2,6 +2,7 @@ package eventstore
import (
"context"
"encoding/base64"
"strings"
"time"
@ -68,7 +69,11 @@ func (repo *TokenVerifierRepo) TokenByID(ctx context.Context, tokenID, userID st
func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenString, clientID string) (userID string, agentID string, prefLang, resourceOwner string, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
tokenIDSubject, err := repo.TokenVerificationKey.DecryptString([]byte(tokenString), repo.TokenVerificationKey.EncryptionKeyID())
tokenData, err := base64.URLEncoding.DecodeString(tokenString)
if err != nil {
return "", "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-ASdgg", "invalid token")
}
tokenIDSubject, err := repo.TokenVerificationKey.DecryptString(tokenData, repo.TokenVerificationKey.EncryptionKeyID())
if err != nil {
return "", "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-8EF0zZ", "invalid token")
}