feat: support ecdsa key/algo

adhocore · adhocore · commit 10794482776a · 2021-10-14T14:59:21.000+07:00
diff --git a/goic.go b/goic.go
@@ -1,6 +1,7 @@
 package goic
 
 import (
+	"crypto/ecdsa"
 	"crypto/rsa"
 	"encoding/json"
 	"errors"
@@ -245,25 +246,24 @@ func (g *Goic) verifyToken(p *Provider, tok *Token, nonce string) error {
 		return err
 	}
 
-	// todo: is this ok here?
-	if p.wellKnown.KeysURI == "" {
-		return nil
-	}
-
 	_, err = jwt.ParseWithClaims(tok.IDToken, claims, func(t *jwt.Token) (interface{}, error) {
 		alg := t.Header["alg"].(string)
-		if alg == "HS256" || alg == "HS384" || alg == "HS512" {
+		al2 := alg[0:2]
+		if al2 == "HS" {
 			return []byte(p.clientSecret), nil
 		}
-
-		if alg != "RS256" && alg != "RS384" && alg != "RS512" {
+		if al2 != "RS" && al2 != "ES" {
 			return nil, ErrTokenAlgo
 		}
 
 		for _, key := range p.wellKnown.jwks.Keys {
-			if (key.Kty == "RSA" && key.Kid == t.Header["kid"]) || (key.Alg == alg && key.Kid == t.Header["kid"]) {
+			kid := key.Kid == t.Header["kid"]
+			if kid && key.Kty == "RSA" && key.Alg == alg {
 				return &rsa.PublicKey{E: ParseExponent(key.E), N: ParseModulo(key.N)}, nil
 			}
+			if kid && key.Kty == "EC" && key.Alg == alg {
+				return &ecdsa.PublicKey{X: ParseModulo(key.X), Y: ParseModulo(key.Y), Curve: GetCurve(key.Crv)}, nil
+			}
 		}
 
 		return nil, ErrTokenKey
diff --git a/provider.go b/provider.go
@@ -29,11 +29,14 @@ type WellKnown struct {
 	jwks        struct {
 		Keys []struct {
 			Alg string `json:"alg"`
-			Use string `json:"use"`
+			Use string `json:"use,omitempty"`
 			Kid string `json:"kid"`
 			Kty string `json:"kty"`
-			E   string `json:"e"`
-			N   string `json:"n"`
+			Crv string `json:"crv,omitempty"`
+			E   string `json:"e,omitempty"`
+			N   string `json:"n,omitempty"`
+			X   string `json:"x,omitempty"`
+			Y   string `json:"y,omitempty"`
 		}
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -29,11 +29,14 @@ type WellKnown struct {`
`29`	`29`	`jwks struct {`
`30`	`30`	`Keys []struct {`
`31`	`31`	Alg string `json:"alg"`
`32`		- Use string `json:"use"`
	`32`	+ Use string `json:"use,omitempty"`
`33`	`33`	Kid string `json:"kid"`
`34`	`34`	Kty string `json:"kty"`
`35`		- E string `json:"e"`
`36`		- N string `json:"n"`
	`35`	+ Crv string `json:"crv,omitempty"`
	`36`	+ E string `json:"e,omitempty"`
	`37`	+ N string `json:"n,omitempty"`
	`38`	+ X string `json:"x,omitempty"`
	`39`	+ Y string `json:"y,omitempty"`
`37`	`40`	`}`
`38`	`41`	`}`
`39`	`42`	`}`