commit 680f5e83d802e69b5ee890fd9be42d745a0cd43c
parent d3e4fb88ee93d33d9accbfc2c8831289a97eef69
Author: Nick Fox <nick@foxsec.net>
Date: Fri, 14 Dec 2018 21:52:16 -0500
Add Invite JWT struct and supporting functions
Diffstat:
1 file changed, 35 insertions(+), 0 deletions(-)
diff --git a/src/auth.rs b/src/auth.rs
@@ -56,6 +56,27 @@ pub fn decode_jwt(token: &str) -> Result<JWTClaims, String> {
}
}
+pub fn decode_invite_jwt(token: &str) -> Result<InviteJWTClaims, String> {
+ let validation = jsonwebtoken::Validation {
+ leeway: 30, // 30 seconds
+ validate_exp: true,
+ validate_iat: false, // IssuedAt is the same as NotBefore
+ validate_nbf: true,
+ aud: None,
+ iss: Some(JWT_ISSUER.clone()),
+ sub: None,
+ algorithms: vec![JWT_ALGORITHM],
+ };
+
+ match jsonwebtoken::decode(token, &PUBLIC_RSA_KEY, &validation) {
+ Ok(decoded) => Ok(decoded.claims),
+ Err(msg) => {
+ error!("Error validating jwt - {:#?}", msg);
+ Err(msg.to_string())
+ }
+ }
+}
+
#[derive(Debug, Serialize, Deserialize)]
pub struct JWTClaims {
// Not before
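Review bot: Nothing in the validation built in `decode_invite_jwt` ties a token to the invite purpose: it checks `JWT_ISSUER`, `PUBLIC_RSA_KEY` and `JWT_ALGORITHM`, and leaves `aud: None` and `sub: None`. If `decode_jwt` validates against the same issuer and key (its body is outside this hunk), the two token types differ only in claim shape. Serde ignores unknown fields by default, so any token signed by this key that carries `nbf`, `exp`, `iss`, `sub` and `email` would deserialize into the `InviteJWTClaims` struct added in the second hunk; whether `JWTClaims` includes `email` is not visible here. Consider a purpose-specific issuer or audience, for example `iss: Some(INVITE_ISSUER_PLACEHOLDER.clone()),` (placeholder name), set to the same value where invites are signed and rejected by the login path.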
@@ -87,6 +108,20 @@ pub struct JWTClaims {
pub amr: Vec<String>,
}
+#[derive(Debug, Serialize, Deserialize)]
+pub struct InviteJWTClaims {
+ // Not before
+ pub nbf: i64,
+ // Expiration time
+ pub exp: i64,
+ // Issuer
+ pub iss: String,
+ // Subject
+ pub sub: String,
+
+ pub email: String,
+}
+
///
/// Bearer token authentication
///
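Review bot: The fields of `InviteJWTClaims` use plain `//` comments and `email` has none, so rustdoc shows nothing and the contract of the invite token is undocumented. I would switch to `///` and state what each claim binds, for example `/// Address the invite was issued to; the consumer must compare it with the account being registered` on `email`, and say what `sub` identifies for an invite. The claims also hold no token id or nonce, so if invites are meant to be single-use, that has to be enforced outside the token; this diff does not show whether it is.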