TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 04:47:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: decrypt of access token in token verifier (#1527)

Browse Source
This commit is contained in:
Livio Amstutz
2021-04-06 11:38:39 +02:00
committed by GitHub
parent d375ad4d49
commit a393d549fb
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/authz/repository/eventsourcing/eventstore/token_verifier.go
View File

@@ -2,6 +2,7 @@ package eventstore
import ( import (
"context" "context"
"encoding/base64"
"strings" "strings"
"time" "time"
@@ -68,7 +69,11 @@ func (repo *TokenVerifierRepo) TokenByID(ctx context.Context, tokenID, userID st
func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenString, clientID string) (userID string, agentID string, prefLang, resourceOwner string, err error) { func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenString, clientID string) (userID string, agentID string, prefLang, resourceOwner string, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
tokenIDSubject, err := repo.TokenVerificationKey.DecryptString([]byte(tokenString), repo.TokenVerificationKey.EncryptionKeyID()) tokenData, err := base64.URLEncoding.DecodeString(tokenString)
if err != nil {
return "", "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-ASdgg", "invalid token")
}
tokenIDSubject, err := repo.TokenVerificationKey.DecryptString(tokenData, repo.TokenVerificationKey.EncryptionKeyID())
if err != nil { if err != nil {
return "", "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-8EF0zZ", "invalid token") return "", "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-8EF0zZ", "invalid token")
} }