accessToken := &oauth2.Token{
GrantID: grant.ID,
Type: oauth2.TypeAccessToken,
- // FIXME: Migrate to RegisteredClaims
- StandardClaims: jwt.StandardClaims{ //nolint
- ExpiresAt: expirationDate.AsTime().Unix(),
+ RegisteredClaims: jwt.RegisteredClaims{
+ ExpiresAt: jwt.NewNumericDate(expirationDate.AsTime()),
},
}
signedAccessToken, err := accessToken.SignToken(serverKey)
}
// generate refresh token to request an access token after it expired later
- refreshExpirationDate := timeutil.TimeStampNow().Add(setting.OAuth2.RefreshTokenExpirationTime * 60 * 60).AsTime().Unix()
+ refreshExpirationDate := timeutil.TimeStampNow().Add(setting.OAuth2.RefreshTokenExpirationTime * 60 * 60).AsTime()
refreshToken := &oauth2.Token{
GrantID: grant.ID,
Counter: grant.Counter,
Type: oauth2.TypeRefreshToken,
- // FIXME: Migrate to RegisteredClaims
- StandardClaims: jwt.StandardClaims{ // nolint
- ExpiresAt: refreshExpirationDate,
+ RegisteredClaims: jwt.RegisteredClaims{ // nolint
+ ExpiresAt: jwt.NewNumericDate(refreshExpirationDate),
},
}
signedRefreshToken, err := refreshToken.SignToken(serverKey)
}
idToken := &oauth2.OIDCToken{
- // FIXME: migrate to RegisteredClaims
- StandardClaims: jwt.StandardClaims{ //nolint
- ExpiresAt: expirationDate.AsTime().Unix(),
+ RegisteredClaims: jwt.RegisteredClaims{
+ ExpiresAt: jwt.NewNumericDate(expirationDate.AsTime()),
Issuer: setting.AppURL,
- Audience: app.ClientID,
+ Audience: []string{app.ClientID},
Subject: fmt.Sprint(grant.UserID),
},
Nonce: grant.Nonce,
var response struct {
Active bool `json:"active"`
Scope string `json:"scope,omitempty"`
- // FIXME: Migrate to RegisteredClaims
- jwt.StandardClaims //nolint
+ jwt.RegisteredClaims
}
form := web.GetForm(ctx).(*forms.IntrospectTokenForm)
response.Active = true
response.Scope = grant.Scope
response.Issuer = setting.AppURL
- response.Audience = app.ClientID
+ response.Audience = []string{app.ClientID}
response.Subject = fmt.Sprint(grant.UserID)
}
}
GrantID int64 `json:"gnt"`
Type TokenType `json:"tt"`
Counter int64 `json:"cnt,omitempty"`
- // FIXME: Migrate to registered claims
- jwt.StandardClaims
+ jwt.RegisteredClaims
}
// ParseToken parses a signed jwt string
// SignToken signs the token with the JWT secret
func (token *Token) SignToken(signingKey JWTSigningKey) (string, error) {
- token.IssuedAt = time.Now().Unix()
+ token.IssuedAt = jwt.NewNumericDate(time.Now())
jwtToken := jwt.NewWithClaims(signingKey.SigningMethod(), token)
signingKey.PreProcessToken(jwtToken)
return jwtToken.SignedString(signingKey.SignKey())
// OIDCToken represents an OpenID Connect id_token
type OIDCToken struct {
- // FIXME: Migrate to RegisteredClaims
- jwt.StandardClaims
+ jwt.RegisteredClaims
Nonce string `json:"nonce,omitempty"`
// Scope profile
// SignToken signs an id_token with the (symmetric) client secret key
func (token *OIDCToken) SignToken(signingKey JWTSigningKey) (string, error) {
- token.IssuedAt = time.Now().Unix()
+ token.IssuedAt = jwt.NewNumericDate(time.Now())
jwtToken := jwt.NewWithClaims(signingKey.SigningMethod(), token)
signingKey.PreProcessToken(jwtToken)
return jwtToken.SignedString(signingKey.SignKey())