Allows for multiple `identity{}` blocks for tasks along with user-specified audiences. This is a building block to allow workload identities to be used with Consul, Vault and 3rd party JWT based auth methods.
Expiration is still unimplemented. It is necessary for JWTs to be used securely — a token with no expiry remains valid for as long as its signing key is trusted — so that's up next.
---------
Co-authored-by: Tim Gross <tgross@hashicorp.com>
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package joseutil
import (
"errors"
"github.com/go-jose/go-jose/v3/jwt"
)
// ErrNoKeyID is the sentinel error KeyID returns when none of a token's
// headers carries a non-empty key ID. Compare against it with errors.Is.
var ErrNoKeyID = errors.New("missing key ID header")
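// KeyID returns the key ID ("kid") header of a JWT. It returns ErrNoKeyID if
// the token is nil or if none of its headers carries a non-empty key ID.
//
// token.Headers is a slice, so a token may expose more than one header; the
// first non-empty KeyID found is returned and any later ones are ignored.
//
// Security note: this function only reads the header and performs no
// signature verification, so the returned value is whatever the token's
// sender put there. Treat it as an untrusted hint: use it only to select a
// candidate key from a trusted key set, then verify the token's signature
// with that key. Do not use it directly to build file paths, URLs or queries.
func KeyID(token *jwt.JSONWebToken) (string, error) {
	// A nil token (for example a parse result used without checking its
	// error) would otherwise panic on the field access below.
	if token == nil {
		return "", ErrNoKeyID
	}

	for _, h := range token.Headers {
		if h.KeyID != "" {
			return h.KeyID, nil
		}
	}

	return "", ErrNoKeyID
}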