extractExpiration parses the JWT token to extract the expiration time.
(token string)
| 89 | |
| 90 | // extractExpiration parses the JWT token to extract the expiration time. |
| 91 | func (r *jwtFileReader) extractExpiration(token string) (time.Time, error) { |
| 92 | claimsRaw, ok := extractClaimsRaw(token) |
| 93 | if !ok { |
| 94 | return time.Time{}, fmt.Errorf("expected 3 parts in token") |
| 95 | } |
| 96 | payloadBytes, err := base64.RawURLEncoding.DecodeString(claimsRaw) |
| 97 | if err != nil { |
| 98 | return time.Time{}, fmt.Errorf("decode error: %v", err) |
| 99 | } |
| 100 | |
| 101 | var claims jwtClaims |
| 102 | if err := json.Unmarshal(payloadBytes, &claims); err != nil { |
| 103 | return time.Time{}, fmt.Errorf("unmarshal error: %v", err) |
| 104 | } |
| 105 | |
| 106 | if claims.Exp == 0 { |
| 107 | return time.Time{}, fmt.Errorf("no expiration claims") |
| 108 | } |
| 109 | |
| 110 | expTime := time.Unix(claims.Exp, 0) |
| 111 | |
| 112 | // Check if token is already expired. |
| 113 | if expTime.Before(time.Now()) { |
| 114 | return time.Time{}, fmt.Errorf("expired token") |
| 115 | } |
| 116 | |
| 117 | return expTime, nil |
| 118 | } |
no test coverage detected