fix bug where mytokens that are not yet valid cannot be created

zachmann · zachmann · commit dd6500a7bfea · 2021-10-18T18:52:43.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -36,6 +36,7 @@
 - Fixed PKCE code verifier length.
 - Fixed Datetimepicker issues on consent page.
 - Fixed response type if an (oidc) error occures on the redirect step of the authorization code flow.
+- Fixed a bug where mytokens that are not yet valid could not be created
 
 ## mytoken 0.3.2
 
diff --git a/internal/endpoints/token/mytoken/polling/pollingEndpoint.go b/internal/endpoints/token/mytoken/polling/pollingEndpoint.go
@@ -65,7 +65,7 @@ func handlePollingCode(req response.PollingCodeRequest, networkData api.ClientMe
 			Response: api.ErrorAuthorizationPending,
 		}
 	}
-	mt, err := mytoken.ParseJWT(token)
+	mt, err := mytoken.ParseJWTWithoutClaimsValidation(token)
 	if err != nil {
 		log.Errorf("%s", errorfmt.Full(err))
 		return model.ErrorToInternalServerErrorResponse(err)
diff --git a/shared/mytoken/pkg/mytoken.go b/shared/mytoken/pkg/mytoken.go
@@ -255,15 +255,31 @@ func (mt *Mytoken) ToJWT() (string, error) {
 		return mt.jwt, nil
 	}
 	var err error
-	mt.jwt, err = jwt.NewWithClaims(jwt.GetSigningMethod(config.Get().Signing.Alg), mt).SignedString(jws.GetPrivateKey())
+	mt.jwt, err = jwt.NewWithClaims(
+		jwt.GetSigningMethod(config.Get().Signing.Alg), mt,
+	).SignedString(jws.GetPrivateKey())
 	return mt.jwt, errors.WithStack(err)
 }
 
 // ParseJWT parses a token string into a Mytoken
 func ParseJWT(token string) (*Mytoken, error) {
-	tok, err := jwt.ParseWithClaims(token, &Mytoken{}, func(t *jwt.Token) (interface{}, error) {
-		return jws.GetPublicKey(), nil
-	})
+	return parseJWT(token, false)
+}
+
+// ParseJWTWithoutClaimsValidation parses a token string into a Mytoken
+func ParseJWTWithoutClaimsValidation(token string) (*Mytoken, error) {
+	return parseJWT(token, true)
+}
+
+func parseJWT(token string, skipCalimsValidation bool) (*Mytoken, error) {
+	parser := jwt.Parser{
+		SkipClaimsValidation: skipCalimsValidation,
+	}
+	tok, err := parser.ParseWithClaims(
+		token, &Mytoken{}, func(t *jwt.Token) (interface{}, error) {
+			return jws.GetPublicKey(), nil
+		},
+	)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ func handlePollingCode(req response.PollingCodeRequest, networkData api.ClientMe`
`65`	`65`	`Response: api.ErrorAuthorizationPending,`
`66`	`66`	`}`
`67`	`67`	`}`
`68`		`- mt, err := mytoken.ParseJWT(token)`
	`68`	`+ mt, err := mytoken.ParseJWTWithoutClaimsValidation(token)`
`69`	`69`	`if err != nil {`
`70`	`70`	`log.Errorf("%s", errorfmt.Full(err))`
`71`	`71`	`return model.ErrorToInternalServerErrorResponse(err)`