feat(jwt): support multiple audience verification (#748)
felangel authored Jun 30, 2023
1 parent 2ddfcac commit dd77c00
Showing 3 changed files with 28 additions and 9 deletions.
2 changes: 1 addition & 1 deletion packages/jwt/example/main.dart
@@ -5,7 +5,7 @@ Future<void> main() async {
final token = await jwt.verify(
'<TOKEN>',
issuer: '<ISSUER>',
audience: '<AUDIENCE>',
audience: {'<AUDIENCE>'},
publicKeysUrl: '<PUBLIC_KEYS_URL>',
);
print(token);
6 changes: 3 additions & 3 deletions packages/jwt/lib/src/jwt.dart
@@ -71,7 +71,7 @@ class JwtVerificationFailure implements Exception {
Future<Jwt> verify(
String jwt, {
required String issuer,
required String audience,
required Set<String> audience,
required String publicKeysUrl,
}) async {
final parts = jwt.split('.');
@@ -136,7 +136,7 @@ Future<void> _verifyHeader(
}
}

void _verifyPayload(JwtPayload payload, String issuer, String audience) {
void _verifyPayload(JwtPayload payload, String issuer, Set<String> audience) {
final now = clock.now();

final exp = DateTime.fromMillisecondsSinceEpoch(payload.exp * 1000);
@@ -158,7 +158,7 @@ void _verifyPayload(JwtPayload payload, String issuer, String audience) {
}
}

if (payload.aud != audience) {
if (!audience.contains(payload.aud)) {
throw const JwtVerificationFailure('Invalid audience.');
}

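Review bot: The new check `if (!audience.contains(payload.aud))` accepts a token whose `aud` equals any member of the caller's set, but neither `verify` nor `_verifyPayload` documents that any-of rule or what an empty set does. An empty set rejects every token with 'Invalid audience.', which fails closed but reads as a bad token rather than a misconfiguration. I would add a doc comment on `verify` along the lines of `/// A token is accepted when its aud claim equals any member of [audience]; an empty set rejects every token.` and state that callers should list only identifiers belonging to this service, since each extra entry widens which tokens pass. The check also still treats `payload.aud` as a single value; if `JwtPayload.aud` can carry the array form RFC 7519 allows, that case needs an intersection test, though the type is not visible here. Both function bodies continue outside the hunks shown.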
29 changes: 24 additions & 5 deletions packages/jwt/test/src/jwt_test.dart
@@ -40,7 +40,7 @@ void main() {
try {
await verify(
token,
audience: audience,
audience: {audience},
issuer: issuer,
publicKeysUrl: publicKeysUrl,
);
@@ -69,7 +69,7 @@ void main() {
try {
await verify(
token,
audience: 'invalid-audience',
audience: {'invalid-audience'},
issuer: issuer,
publicKeysUrl: publicKeysUrl,
);
@@ -99,7 +99,7 @@ void main() {
try {
await verify(
token,
audience: audience,
audience: {audience},
issuer: 'https://invalid/issuer',
publicKeysUrl: publicKeysUrl,
);
@@ -128,7 +128,26 @@ void main() {
};
final jwt = await verify(
token,
audience: audience,
audience: {audience},
issuer: issuer,
publicKeysUrl: publicKeysUrl,
);
expect(jwt, isA<Jwt>());
});
});

test('can verify a valid jwt (multiple audiences)', () async {
await withClock(Clock.fixed(validTime), () async {
getOverride = (Uri uri) async {
return Response(
body,
HttpStatus.ok,
headers: {'cache-control': 'max-age=3600'},
);
};
final jwt = await verify(
token,
audience: {'other-audience', audience},
issuer: issuer,
publicKeysUrl: publicKeysUrl,
);
@@ -147,7 +166,7 @@ void main() {
};
final jwt = await verify(
tokenNoAuthTime,
audience: audience,
audience: {audience},
issuer: issuer,
publicKeysUrl: publicKeysUrl,
);
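Review bot: The added test 'can verify a valid jwt (multiple audiences)' covers only the accepting path; nothing in this section checks that a set with several entries, none matching the token, is still rejected, and the existing 'invalid-audience' case uses a single-element set. A negative case passing `audience: {'other-audience', 'invalid-audience'}` and expecting the same failure as the existing invalid-audience test would pin the membership check against a regression that accepts by default. An empty-set case, `audience: <String>{}`, would likewise record that verification fails closed when no audience is configured.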
