import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"os"
	"time"

	"github.com/gbrlsnchs/jwt/v3"
	"github.com/google/uuid"
)
// IdTokenPayload is the decoded body of an ID token issued by id.hamuga.mn.
//
// It embeds jwt.Payload, which carries the registered claims; ValidateIdToken
// checks iss, aud, exp and iat from it. The fields below are the issuer's own
// profile claims and are only JSON-decoded, never validated — treat them as
// untrusted until the token has passed ValidateIdToken.
//
// NOTE(review): these are not the standard OIDC claim names (email,
// phone_number, family_name, given_name, preferred_username); presumably they
// mirror what the issuer actually emits — confirm against a real token.
type IdTokenPayload struct {
	jwt.Payload
	// Email, Phone and Username are pointers, so an absent claim (nil) can be
	// told apart from one that is present but empty.
	Email *string `json:"email,omitempty"`
	Phone *string `json:"phone,omitempty"`
	// LastName and FirstName are plain strings: an absent claim and an empty
	// one both decode to "" and both are dropped on re-encoding (omitempty).
	LastName  string `json:"lastName,omitempty"`
	FirstName string `json:"firstName,omitempty"`
	Username  *string `json:"username,omitempty"`
}
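// ValidateIdToken verifies an RS256-signed ID token from id.hamuga.mn and
// returns its decoded payload.
//
// The verification key is read from "public.pem" (a PKIX "PUBLIC KEY" PEM
// holding an RSA key) on every call. Beyond the signature, the payload must
// satisfy, all evaluated against time.Now() with no clock-skew leeway:
//   - iss equals "id.hamuga.mn"
//   - aud contains "your-client-id"
//   - exp is present and not in the past, iat is present and not in the future
//   - nbf, when present, is not in the future
//
// Any failure — unreadable or malformed key file, a key that is not RSA, a bad
// signature, or a rejected claim — yields a nil payload and a non-nil error.
// Unlike the earlier version, no input or deployment problem panics here.
//
// NOTE(review): "your-client-id" looks like a template placeholder; tokens for
// the real relying party will fail audience validation until it matches the
// registered client_id. Also, loading and parsing the key on every call is
// cheap to fix with a one-time load if this ends up on a hot path.
func ValidateIdToken(signedToken string) (pl2 *IdTokenPayload, err error) {
	now := time.Now()

	// Key loading. Each failure is returned to the caller; the previous code
	// panicked, so a missing or rotated key file took the whole process down.
	pemBytes, err := os.ReadFile("public.pem")
	if err != nil {
		return nil, fmt.Errorf("reading id token public key: %w", err)
	}
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		// pem.Decode returns a nil block when the data holds no PEM at all;
		// the previous code dereferenced it unconditionally.
		return nil, errors.New("id token public key: no PEM block found in public.pem")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parsing id token public key: %w", err)
	}
	rsaPub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		// An EC or Ed25519 key in public.pem would otherwise panic on an
		// unchecked type assertion.
		return nil, fmt.Errorf("id token public key: expected *rsa.PublicKey, got %T", parsed)
	}
	// Public key only: this algorithm can verify but never sign. jwt/v3's
	// Verify is understood to reject tokens whose "alg" header differs from
	// RS256 (none/HS256 substitution) — confirm against the pinned version.
	algorithm := jwt.NewRS256(jwt.RSAPublicKey(rsaPub))

	// Claim validators run in this order after the signature check; the first
	// failing one determines the returned error. nbf was previously not
	// checked at all, so a not-yet-valid token was accepted.
	var pl IdTokenPayload
	validatePayload := jwt.ValidatePayload(&pl.Payload,
		jwt.ExpirationTimeValidator(now),
		jwt.IssuerValidator("id.hamuga.mn"),
		jwt.AudienceValidator([]string{"your-client-id"}),
		jwt.IssuedAtValidator(now),
		jwt.NotBeforeValidator(now),
	)

	if _, err := jwt.Verify([]byte(signedToken), algorithm, &pl, validatePayload); err != nil {
		return nil, err
	}
	return &pl, nil
}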