	fix: decrypt of access token in token verifier (#1527)
		| @@ -2,6 +2,7 @@ package eventstore | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"encoding/base64" | ||||
| 	"strings" | ||||
| 	"time" | ||||
|  | ||||
| @@ -68,7 +69,11 @@ func (repo *TokenVerifierRepo) TokenByID(ctx context.Context, tokenID, userID st | ||||
| func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenString, clientID string) (userID string, agentID string, prefLang, resourceOwner string, err error) { | ||||
| 	ctx, span := tracing.NewSpan(ctx) | ||||
| 	defer func() { span.EndWithError(err) }() | ||||
| 	tokenIDSubject, err := repo.TokenVerificationKey.DecryptString([]byte(tokenString), repo.TokenVerificationKey.EncryptionKeyID()) | ||||
| 	tokenData, err := base64.URLEncoding.DecodeString(tokenString) | ||||
| 	if err != nil { | ||||
| 		return "", "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-ASdgg", "invalid token") | ||||
| 	} | ||||
| 	tokenIDSubject, err := repo.TokenVerificationKey.DecryptString(tokenData, repo.TokenVerificationKey.EncryptionKeyID()) | ||||
| 	if err != nil { | ||||
| 		return "", "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-8EF0zZ", "invalid token") | ||||
| 	} | ||||
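Review bot: The new decode step hard-codes padded `base64.URLEncoding`, so a token minted with `RawURLEncoding` (or whose trailing `=` padding was stripped in transit) is rejected as `invalid token` before decryption is even attempted; the encoding chosen here must stay in lockstep with whichever code issues the token, which is not visible in this hunk. A short comment above the decode would pin that contract, e.g. `// tokenString is the padded base64url form of the encrypted token payload; keep in sync with the encoder used when the token is issued`. Dropping the decode error (passing `nil` to `ThrowUnauthenticated`) matches the existing decrypt branch and avoids echoing parser detail to an unauthenticated caller, which is the right call here. VerifyAccessToken's body continues past the end of the hunk, so what is done with `tokenIDSubject` cannot be checked from this view.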
|   | ||||