blob: b400df4cad17d20dc747584570bf0d84348793e7 [file] [log] [blame]
local request = require 'lib/request'
local cjson = require 'cjson'
local utils = require 'lib/utils'
local APPID_PKURL = os.getenv("APPID_PKURL")
local _M = {}
local http = require 'resty.http'
local cjose = require 'resty.cjose'
function _M.process(dataStore, token, securityObj)
local result = dataStore:getOAuthToken('appId', token)
local httpc = http.new()
local json_resp
if result ~= ngx.null then
json_resp = cjson.decode(result)
ngx.header['X-OIDC-Email'] = json_resp['email']
ngx.header['X-OIDC-Sub'] = json_resp['sub']
return json_resp
end
local keyUrl = utils.concatStrings({APPID_PKURL, securityObj.tenantId, '/publickeys'})
local request_options = {
headers = {
["Accept"] = "application/json"
},
ssl_verify = false
}
local res, err = httpc:request_uri(keyUrl, request_options)
if err then
request.err(500, 'error getting app id key: ' .. err)
end
local key
local keys = cjson.decode(res.body).keys
for _, v in ipairs(keys) do
key = v
end
local result = cjose.validateJWS(token, cjson.encode(key))
if not result then
request.err(401, 'AppId key signature verification failed.')
return nil
end
jwt_obj = cjson.decode(cjose.getJWSInfo(token))
ngx.header['X-OIDC-Email'] = jwt_obj['email']
ngx.header['X-OIDC-Sub'] = jwt_obj['sub']
dataStore:saveOAuthToken('appId', token, cjson.encode(jwt_obj), jwt_obj['exp'])
return jwt_obj
end
return _M