Verify access key as part of PAA verification

2026-03-27 22:46:37 +00:00 · 2020-08-20 14:46:01 +02:00
parent 93c558786f
commit db00ce7be0
2 changed files with 15 additions and 2 deletions
--- a/security/jwt.go
+++ b/security/jwt.go
@@ -6,8 +6,10 @@ import (
 	"fmt"
 	"github.com/bolkedebruin/rdpgw/common"
 	"github.com/bolkedebruin/rdpgw/protocol"
+	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/square/go-jose/v3"
 	"github.com/square/go-jose/v3/jwt"
+	"golang.org/x/oauth2"
 	"log"
 	"time"
 )
@@ -17,6 +19,8 @@ var (
 	EncryptionKey     []byte
 	UserSigningKey    []byte
 	UserEncryptionKey []byte
+	OIDCProvider	  *oidc.Provider
+	Oauth2Config	  oauth2.Config
 )

 var ExpiryTime time.Duration = 5
@@ -58,6 +62,14 @@ func VerifyPAAToken(ctx context.Context, tokenString string) (bool, error) {
 		return false, err
 	}

+	// validate the access token
+	tokenSource := Oauth2Config.TokenSource(ctx, &oauth2.Token{AccessToken: custom.AccessToken})
+	_, err = OIDCProvider.UserInfo(ctx, tokenSource)
+	if err != nil {
+		log.Printf("Cannot get user info for access token: %s", err)
+		return false, err
+	}
+
 	s := getSessionInfo(ctx)

 	s.RemoteServer = custom.RemoteServer