public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
054e12b1aca94dea145f15475f80076c279ea20b
grafana/pkg/services/auth/idimpl/signer.go
Alexander Zobnin 294fd943c0 Chore: Update authlib (#110880) 
* Chore: Update authlib

* exclude incompatible version of github.com/grafana/gomemcache

* Update go-jose to v4

* fix jose imports

* remove jose v3 from go.mod

* fix tests

* fix serialize

* fix failing live tests

* add v1 of ES256 testkeys. Port tests to use ES256 instead of HS256

* accept more signature algs for okta and azuread

* azure social graph token sig

* accept more signature algs for oauth refresh and jwt auth

* update workspace

* add a static signer for inproc

* rebase and fix ext_jwt

* fix jwt tests

* apply alex patch on gomemcache

* update linting

* fix ext_jwt panic

* update workspaces

---------

Co-authored-by: Jo Garnier <git@jguer.space>
2025-09-15 12:45:15 +02:00

63 lines
1.3 KiB
Go
Raw Blame History

package idimpl
import (
"context"
"github.com/go-jose/go-jose/v4"
"github.com/go-jose/go-jose/v4/jwt"
"github.com/grafana/grafana/pkg/services/auth"
"github.com/grafana/grafana/pkg/services/signingkeys"
)
const (
keyPrefix = "id"
headerKeyID = "kid"
)
var _ auth.IDSigner = (*LocalSigner)(nil)
func ProvideLocalSigner(keyService signingkeys.Service) (*LocalSigner, error) {
return &LocalSigner{keyService}, nil
}
type LocalSigner struct {
keyService signingkeys.Service
}
func (s *LocalSigner) SignIDToken(ctx context.Context, claims *auth.IDClaims) (string, error) {
signer, err := s.getSigner(ctx)
if err != nil {
return "", err
}
builder := jwt.Signed(signer).Claims(&claims.Rest).Claims(claims.Claims)
token, err := builder.Serialize()
if err != nil {
return "", err
}
return token, nil
}
func (s *LocalSigner) getSigner(ctx context.Context) (jose.Signer, error) {
id, key, err := s.keyService.GetOrCreatePrivateKey(ctx, keyPrefix, jose.ES256)
if err != nil {
return nil, err
}
signer, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: key}, &jose.SignerOptions{
ExtraHeaders: map[jose.HeaderKey]any{
headerKeyID: id,
jose.HeaderType: "jwt",
},
})
if err != nil {
return nil, err
}
return signer, nil
}
Reference in New Issue View Git Blame Copy Permalink