feat: Support new issuer format for dev instances
This commit adds support for the new issuer format we are going to introduce for our dev instances. The new format is 'https://foo-bar-13.clerk.accounts.dev' when the old one would be 'https://clerk.foo.bar-13.lcl.dev'
chanioxaris committed Jan 5, 2023
1 parent 9510bff commit 52f8b1a
Showing 3 changed files with 28 additions and 3 deletions.
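--- a/clerk/middleware.go
+++ b/clerk/middleware.go
@@ -51,7 +51,7 @@ func isAuthV2Request(r *http.Request, client Client) (string, bool) {
 
 claims, err := client.DecodeToken(headerToken)
 if err == nil {
-return headerToken, strings.HasPrefix(claims.Issuer, "https://clerk.")
+return headerToken, isValidIssuer(claims.Issuer)
 }
 
 // Verification from header token failed, try with token from cookie
@@ -65,5 +65,5 @@ func isAuthV2Request(r *http.Request, client Client) (string, bool) {
 return "", false
 }
 
-return cookieSession.Value, strings.HasPrefix(claims.Issuer, "https://clerk.")
+return cookieSession.Value, isValidIssuer(claims.Issuer)
 }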
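--- a/clerk/tokens.go
+++ b/clerk/tokens.go
@@ -100,7 +100,7 @@ func (c *client) VerifyToken(token string, opts ...VerifyTokenOption) (*SessionC
 return nil, err
 }
 
-if !strings.HasPrefix(claims.Issuer, "https://clerk.") {
+if !isValidIssuer(claims.Issuer) {
 return nil, fmt.Errorf("invalid issuer %s", claims.Issuer)
 }
 
@@ -132,3 +132,7 @@ func verifyTokenParseClaims(parsedToken *jwt.JSONWebToken, key interface{}, sess
 }
 return parsedToken.Claims(key, sessionClaims, options.customClaims)
 }
+
+func isValidIssuer(issuer string) bool {
+return strings.HasPrefix(issuer, "https://clerk.") || strings.Contains(issuer, ".clerk.accounts")
+}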
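Review bot: `isValidIssuer` at the end of tokens.go accepts any issuer that merely contains `.clerk.accounts`, so the substring can sit in a path, a query, or in the middle of a host name under an unrelated domain, and that branch does not require https at all. The retained `https://clerk.` prefix check has the same look-alike weakness for hosts that only begin with `clerk.`. Since this helper now gates `VerifyToken` and both returns of `isAuthV2Request` in clerk/middleware.go, I would parse the issuer as a URL and match the host by suffix against the dev domain named in the commit message; the sketch below does that and needs `net/url` imported. If suffixes other than `.clerk.accounts.dev` are intended, list them explicitly rather than leaving the TLD open.

```go
func isValidIssuer(issuer string) bool {
	// Legacy format, kept as before.
	if strings.HasPrefix(issuer, "https://clerk.") {
		return true
	}
	// New dev-instance format: https://<instance>.clerk.accounts.dev
	u, err := url.Parse(issuer)
	if err != nil || u.Scheme != "https" {
		return false
	}
	return strings.HasSuffix(u.Hostname(), ".clerk.accounts.dev")
}
```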
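--- a/clerk/tokens_test.go
+++ b/clerk/tokens_test.go
@@ -198,6 +198,27 @@ func TestClient_VerifyToken_Success(t *testing.T) {
 }
 }
 
+func TestClient_VerifyToken_Success_NewIssuerFormat(t *testing.T) {
+c, _ := NewClient("token")
+
+claims := dummySessionClaims
+claims.Issuer = "https://foo-bar-13.clerk.accounts.dev"
+
+token, pubKey := testGenerateTokenJWT(t, dummySessionClaims, "kid")
+
+client := c.(*client)
+client.jwksCache.set(testBuildJWKS(t, pubKey, jose.RS256, "kid"))
+
+got, err := c.VerifyToken(token)
+if err != nil {
+t.Fatalf("Expected no error but got %v", err)
+}
+
+if !reflect.DeepEqual(got, &dummySessionClaims) {
+t.Errorf("Expected %+v, but got %+v", dummySessionClaims, got)
+}
+}
+
 func TestClient_VerifyToken_Success_ExpiredCache(t *testing.T) {
 c, mux, _, teardown := setup("token")
 defer teardown()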
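Review bot: `TestClient_VerifyToken_Success_NewIssuerFormat` never exercises the new issuer format: `claims.Issuer` is set on the local copy `claims`, but the token is generated from `dummySessionClaims` and the result is compared with `&dummySessionClaims`, so the test passes with the old issuer (assuming `dummySessionClaims` is a struct value, as `&dummySessionClaims` suggests). Pass the copy instead, `token, pubKey := testGenerateTokenJWT(t, claims, "kid")`, and compare with `reflect.DeepEqual(got, &claims)`. The error from `NewClient("token")` is also discarded. A companion test expecting `VerifyToken` to reject an issuer that contains `.clerk.accounts` only outside the host suffix would pin the intended boundary of the issuer check.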
