VerifyResumeToken parses a signed tailnet resume token with the given key and returns the payload. If the token is invalid or expired, an error is returned.
(ctx context.Context, str string)
| 90 | // returns the payload. If the token is invalid or expired, an error is |
| 91 | // returned. |
| 92 | func (p ResumeTokenKeyProvider) VerifyResumeToken(ctx context.Context, str string) (uuid.UUID, error) { |
| 93 | var tok jwt.Claims |
| 94 | err := jwtutils.Verify(ctx, p.key, str, &tok, jwtutils.WithVerifyExpected(jwt.Expected{ |
| 95 | Time: p.clock.Now(), |
| 96 | })) |
| 97 | if err != nil { |
| 98 | return uuid.Nil, xerrors.Errorf("verify payload: %w", err) |
| 99 | } |
| 100 | parsed, err := uuid.Parse(tok.Subject) |
| 101 | if err != nil { |
| 102 | return uuid.Nil, xerrors.Errorf("parse peerID from token: %w", err) |
| 103 | } |
| 104 | return parsed, nil |
| 105 | } |