Fetch jwk and issuer from well-known configs

cant-code · Apr 14, 2024 · 48fdbbf · 48fdbbf
1 parent 49fb767
commit 48fdbbf
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 6 deletions.
diff --git a/internal/auth/authMiddleware.go b/internal/auth/authMiddleware.go
@@ -2,6 +2,9 @@ package auth
 
 import (
 	"crypto/rsa"
+	"encoding/json"
+	"fmt"
+	"io"
 	"log"
 	"net/http"
 	"yt-clone-video-processing/internal/configurations"
@@ -12,18 +15,51 @@ type IMiddleware interface {
 	jwtMiddleware() func(http.Handler) http.Handler
 }
 
+type openIdConfig struct {
+	Issuer string `json:"issuer"`
+	Jwks   string `json:"jwks_uri"`
+}
+
 type middlewareConfig struct {
-	Auth   configurations.Auth
-	JWKSet map[string]*rsa.PublicKey
+	OpenIdConfig *openIdConfig
+	JWKSet       map[string]*rsa.PublicKey
 }
 
+const wellKnownConfigs = "/.well-known/openid-configuration"
+
 func HandleJwtAuthMiddleware(auth *configurations.Auth) func(http.Handler) http.Handler {
-	middleware := IMiddleware(&middlewareConfig{Auth: *auth})
+	openIdConfig, err := getOpenIdConfigs(auth)
+	if err != nil {
+		log.Println("Error getting openid configs: ", err)
+	}
+
+	middleware := IMiddleware(&middlewareConfig{OpenIdConfig: openIdConfig})
 
-	err := middleware.getJWKSet()
+	err = middleware.getJWKSet()
 	if err != nil {
 		log.Printf("Error fetching jwk-sets: %v\n", err)
 	}
 
 	return middleware.jwtMiddleware()
 }
+
+func getOpenIdConfigs(auth *configurations.Auth) (*openIdConfig, error) {
+	response, err := http.Get(auth.Url + wellKnownConfigs)
+	if err != nil {
+		return nil, fmt.Errorf("error making GET request: %v", err)
+	}
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+			log.Println("Error closing body:", err)
+		}
+	}(response.Body)
+
+	var openIdConfig openIdConfig
+	decoder := json.NewDecoder(response.Body)
+	if err := decoder.Decode(&openIdConfig); err != nil {
+		return nil, fmt.Errorf("error decoding JSON: %v", err)
+	}
+
+	return &openIdConfig, nil
+}
diff --git a/internal/auth/jwkFetcher.go b/internal/auth/jwkFetcher.go
@@ -14,7 +14,7 @@ import (
 
 func (config *middlewareConfig) getJWKSet() error {
 	// Make the GET request
-	response, err := http.Get(config.Auth.Url + "/protocol/openid-connect/certs")
+	response, err := http.Get(config.OpenIdConfig.Jwks)
 	if err != nil {
 		return fmt.Errorf("error making GET request: %v", err)
 	}

diff --git a/internal/auth/tokenHandler.go b/internal/auth/tokenHandler.go
@@ -28,7 +28,7 @@ func (config *middlewareConfig) jwtMiddleware() func(http.Handler) http.Handler
 			}
 
 			issuer, err := token.Claims.GetIssuer()
-			if err != nil || issuer != config.Auth.Url {
+			if err != nil || issuer != config.OpenIdConfig.Issuer {
 				log.Println("error validating issuer:", err)
 				http.Error(w, "", http.StatusUnauthorized)
 				return