Skip to content

Instantly share code, notes, and snippets.

@mmailhos
Last active June 26, 2020 17:20
Show Gist options
  • Save mmailhos/361f24316d2de29e8d41e808e0071b13 to your computer and use it in GitHub Desktop.
Save mmailhos/361f24316d2de29e8d41e808e0071b13 to your computer and use it in GitHub Desktop.
Exemple of signign an AWS Access Token - Unfixed
package main
import (
"crypto/rsa"
"encoding/base64"
"encoding/binary"
"encoding/json"
"fmt"
"github.com/dgrijalva/jwt-go"
"io/ioutil"
"log"
"math/big"
"net/http")
type AccessToken struct {
Exp uint32 `json:"exp"`
TokenUse string `json:"token_use"`
Iss string `json:"iss"`
ClientId string `json:"client_id"`
Username string `json:"username"`
Kid string `json:"kid"`
Alg string `json:"alg"`
jwt.StandardClaims
}
func main() {
//Access Token returned from AWS
tokenString := "eyJraWQiOiJqRb2pKdEZCNE5jSEdQZnFcaDNIcjZidVdYQjRXOTFFN3ltY2NRE33TT0iLCJhbGciOiJSUzI1NFiJ9.eyJzdWIiOGGFWMwNmExOS1iMTgj4LTQ0YzAtOD4NmNy04N1jY1NmNjNGYy4MzE0iLCJ0b2tlbl91c2UiOiJhY2Nlc53MiLC3JzY29wZSI61ImF3cy5jb2duaXRvLnNpZ25pbi51gc52V3yLmbFkbWiX34IjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tXC91cy1lYXN0LTFfR3U4WWFUaDcyIiwiZXhwIjoxNDcwMjc4MzExLCJpYXQiOjE0NzAyNzQ3MTEsImp0aSI6IjhmNTBiZmU4LWVlNGUtNGFkZi04MDQxLWU5MGM4YWJkZDExZCIsImNsaWVudF9pZCI6IjRwNzNuYjhra3NsbHJrbTlzMzdzYXZr4FjiwidXNlcm5hbWUiOiJtYXRlbyJ9.GYZQKv7o8_o9E4ktVKZngYD4BS5QluOMwE-MRcJB432CmNimQm6JbvT3H48ECThe4f3sZ1KyVbgDJbyUnlkaAwMEBjMnlV7AUaZb-ifveM7kHM30BS5LCV_SCiCk-PvmWjeIHu9bR3EwG8azJCceD5Are03LmhAtPN94gRy-opXJPAnaCba00AwKBd_pN3UH7LYu4u4EQ29eIfn4k4RCLuR31jr7ad3dvvjhhy658dQSHzSuPZGcN1-CRVSlrd0nk0Ba2t8W33LtjxM6wzPThWgh0fpy2XEDosGU_9FiXdEjUKisE3VHxroygQ8ekVWKHssa2eu3rCx8OthWzaGag0w1"
//JWKS.json from AWS User Pool
rawN := "rdTmzrh7tw0i_YreN0MDLejnS0jrewIFoSzRfFEbqf-bwGre3zGAk9HGZreG6B5gg1D40Jsz1upo4E70VS0raGfSBPrePO7ZAJ2VCUUeblr9X_aWK4f294v4Cf3n8jZyFcGK9qhgcqy3DlHqqDANtjamWVtEhTRTFc-qoz1ScvHmPupsXlj1FsAEFEbVhP4705ez5gW3uQOoidrm38sPFwCN7g7xhA9CyzF04Zsjky55OfMCyWlIt7nljLx7ZRG3dVRD3vdEBI99qtxf43qMCWSPUk7Whn11Wf_u0xDrWhtGR9k599rKBBRWuqcujYYnFuOp80BeQIL25cePPK8lxw"
rawE := "AQAB"
decodedE, err := base64.RawURLEncoding.DecodeString(rawE)
if err != nil {
panic(err)
}
if len(decodedE) < 4 {
ndata := make([]byte, 4)
copy(ndata[4-len(decodedE):], decodedE)
decodedE = ndata
}
pubKey := &rsa.PublicKey{
N: &big.Int{},
E: int(binary.BigEndian.Uint32(decodedE[:])),
}
decodedN, err := base64.RawURLEncoding.DecodeString(rawN)
if err != nil {
panic(err)
}
pubKey.N.SetBytes(decodedN)
fmt.Println(decodedN)
fmt.Println(decodedE)
fmt.Printf("%#v\n", *pubKey)
token, err := jwt.ParseWithClaims(tokenString, &AccessToken{}, func(token *jwt.Token) (verifykey interface{}, err error) {
return pubKey, nil
})
if err != nil {
fmt.Println(err)
} else {
fmt.Println(token.Valid)
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment