Expose v2/keys to get jwt public key (#184)

* Expose v2/keys to get jwt public key descope/etc#1126 * A better implementaion for extracting the keys replace /v2/ with const
descope · Dec 9, 2022 · deeb850 · deeb850
1 parent f12c9b4
commit deeb850
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/descope/api/client.go b/descope/api/client.go
@@ -27,7 +27,8 @@ const (
 
 var (
 	Routes = endpoints{
-		version: "/v1/",
+		version:   "/v1/",
+		versionV2: "/v2/",
 		auth: authEndpoints{
 			signInOTP:                    "auth/otp/signin",
 			signUpOTP:                    "auth/otp/signup",
@@ -95,6 +96,7 @@ var (
 
 type endpoints struct {
 	version   string
+	versionV2 string
 	auth      authEndpoints
 	mgmt      mgmtEndpoints
 	logout    string
@@ -258,7 +260,7 @@ func (e *endpoints) Me() string {
 	return path.Join(e.version, e.me)
 }
 func (e *endpoints) GetKeys() string {
-	return path.Join(e.version, e.keys)
+	return path.Join(e.versionV2, e.keys)
 }
 func (e *endpoints) RefreshToken() string {
 	return path.Join(e.version, e.refresh)

diff --git a/descope/auth/auth_test.go b/descope/auth/auth_test.go
@@ -219,7 +219,7 @@ func TestValidateSessionFetchKeyCalledOnce(t *testing.T) {
 	count := 0
 	a, err := newTestAuthConf(&AuthParams{ProjectID: "a"}, nil, mocks.Do(func(r *http.Request) (*http.Response, error) {
 		count++
-		return &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(strings.NewReader(fmt.Sprintf("[%s]", publicKey)))}, nil
+		return &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(strings.NewReader(fmt.Sprintf(`{"keys":[%s]}`, publicKey)))}, nil
 	}))
 	require.NoError(t, err)
 	ok, _, err := a.validateSession(jwtTokenValid, "", false, nil)
@@ -234,7 +234,7 @@ func TestValidateSessionFetchKeyCalledOnce(t *testing.T) {
 
 func TestValidateSessionFetchKeyMalformed(t *testing.T) {
 	a, err := newTestAuthConf(&AuthParams{ProjectID: "a"}, nil, mocks.Do(func(r *http.Request) (*http.Response, error) {
-		return &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(strings.NewReader(fmt.Sprintf("[%s]", unknownPublicKey)))}, nil
+		return &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(strings.NewReader(fmt.Sprintf(`{"keys":[%s]}`, unknownPublicKey)))}, nil
 	}))
 	require.NoError(t, err)
 	ok, _, err := a.validateSession(jwtTokenValid, jwtTokenValid, false, nil)

diff --git a/descope/auth/jwt.go b/descope/auth/jwt.go
@@ -49,11 +49,12 @@ func (p *provider) selectKey(sink jws.KeySink, key jwk.Key) error {
 
 func (p *provider) requestKeys() error {
 	projectID := p.conf.ProjectID
-	keys := []map[string]interface{}{}
-	_, err := p.client.DoGetRequest(path.Join(api.Routes.GetKeys(), projectID), &api.HTTPRequest{ResBodyObj: &keys}, "")
+	keysWrapper := map[string][]map[string]interface{}{}
+	_, err := p.client.DoGetRequest(path.Join(api.Routes.GetKeys(), projectID), &api.HTTPRequest{ResBodyObj: &keysWrapper}, "")
 	if err != nil {
 		return err
 	}
+	keys := keysWrapper["keys"]
 	tempKeySet := map[string]jwk.Key{}
 	for i := range keys {
 		b, err := utils.Marshal(keys[i])