devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

fix: user session access

Browse Source
This commit is contained in:
Lakhan Samani
2022-06-12 00:27:21 +05:30
parent ac49b5bb70
commit 82a2a42f84
22 changed files with 172 additions and 130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/token/jwt.go
View File

@@ -145,8 +145,8 @@ func ValidateJWTClaims(claims jwt.MapClaims, hostname, nonce, subject string) (b
return true, nil
}
// ValidateJWTClaimsWithoutNonce common util to validate claims without nonce
func ValidateJWTTokenWithoutNonce(claims jwt.MapClaims, hostname string) (bool, error) {
// ValidateJWTTokenWithoutNonce common util to validate claims without nonce
func ValidateJWTTokenWithoutNonce(claims jwt.MapClaims, hostname, subject string) (bool, error) {
clientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID)
if err != nil {
return false, err
@@ -159,5 +159,8 @@ func ValidateJWTTokenWithoutNonce(claims jwt.MapClaims, hostname string) (bool,
return false, errors.New("invalid issuer")
}
if claims["sub"] != subject {
return false, errors.New("invalid subject")
}
return true, nil
}