decodeClaims decodes the JWT claims from the stored JWT. Note here we do not validate the JWT and just return the claims verbatim. We want to include all licenses on the GET response, even if they are expired, or signed by a key this version of Coder no longer considers valid. Also, we do not ret
(l database.License)
| 367 | // Also, we do not return the whole JWT itself because a signed JWT is a bearer token and we |
| 368 | // want to limit the chance of it being accidentally leaked. |
| 369 | func decodeClaims(l database.License) (jwt.MapClaims, error) { |
| 370 | parts := strings.Split(l.JWT, ".") |
| 371 | if len(parts) != 3 { |
| 372 | return nil, xerrors.Errorf("Unable to parse license %d as JWT", l.ID) |
| 373 | } |
| 374 | cb, err := base64.RawURLEncoding.DecodeString(parts[1]) |
| 375 | if err != nil { |
| 376 | return nil, xerrors.Errorf("Unable to decode license %d claims: %w", l.ID, err) |
| 377 | } |
| 378 | c := make(jwt.MapClaims) |
| 379 | d := json.NewDecoder(bytes.NewBuffer(cb)) |
| 380 | d.UseNumber() |
| 381 | err = d.Decode(&c) |
| 382 | return c, err |
| 383 | } |
no test coverage detected