package examples_test
import (
"fmt"
"net/http"
"net/url"
"github.com/lestrrat-go/jwx/v2/jwt"
)
// Example_jwt_parse_request_authorization demonstrates the places in an
// *http.Request where jwt.ParseRequest can be told to look for a token:
// request headers, form fields and cookies.
//
// Every call below passes jwt.WithVerify(false) and jwt.WithValidate(false),
// so the example exercises token lookup only. A token parsed this way has had
// neither its signature nor its claims checked and must be treated as
// untrusted input. Code that makes authorization decisions should pass key
// material (for example via jwt.WithKey or jwt.WithKeySet) and leave
// validation enabled.
func Example_jwt_parse_request_authorization() {
	req, err := http.NewRequest(http.MethodGet, `https://github.com/lestrrat-go/jwx`, nil)
	if err != nil {
		fmt.Printf("failed to create request: %s\n", err)
		return
	}

	// Plant a token in each location that the cases below search:
	// a form field, two headers and a cookie.
	req.Form = url.Values{}
	req.Form.Add("access_token", exampleJWTSignedHMAC)
	req.Header.Set(`Authorization`, fmt.Sprintf(`Bearer %s`, exampleJWTSignedECDSA))
	req.Header.Set(`X-JWT-Token`, exampleJWTSignedRSA)
	req.AddCookie(&http.Cookie{Name: "accessToken", Value: exampleJWTSignedHMAC})

	// Filled in by jwt.WithCookie in the last case.
	var dst *http.Cookie

	// One entry per lookup configuration; a nil entry means "no extra options".
	lookups := [][]jwt.ParseOption{
		// No options - looks under "Authorization" header
		nil,
		// Looks under "X-JWT-Token" header only
		{jwt.WithHeaderKey(`X-JWT-Token`)},
		// Looks under "Authorization" and "X-JWT-Token" headers
		{jwt.WithHeaderKey(`Authorization`), jwt.WithHeaderKey(`X-JWT-Token`)},
		// Looks under "Authorization" header and "access_token" form field
		{jwt.WithFormKey(`access_token`)},
		// Looks under "accessToken" cookie, and assigns the http.Cookie object
		// where the token came from to the variable `dst`
		{jwt.WithCookieKey(`accessToken`), jwt.WithCookie(&dst)},
	}

	for _, lookup := range lookups {
		// Demo only: verification and validation are switched off, so the
		// returned token is unauthenticated. Do not copy this into a handler
		// that trusts the token's claims.
		opts := append(lookup, jwt.WithVerify(false), jwt.WithValidate(false))

		if _, err := jwt.ParseRequest(req, opts...); err != nil {
			// Report which lookup configuration failed, then stop.
			fmt.Print("jwt.ParseRequest with options [")
			sep := ""
			for _, o := range lookup {
				fmt.Printf("%s%s", sep, o)
				sep = ", "
			}
			fmt.Printf("]: %s\n", err)
			return
		}
	}

	// The cookie case must have stored the source cookie in dst.
	if dst == nil {
		fmt.Print("failed to assign cookie to dst\n")
		return
	}
	// OUTPUT:
}