package oauth import ( "github.com/go-jose/go-jose/v3/jwt" ) // Claims represents standard claims along with some custom ones. type Claims struct { jwt.Claims // Domain is the domain claims for the token. Domain DomainClaims `json:"https://hub.docker.com"` // Scope is the scopes for the claims as a string that is space delimited. Scope string `json:"scope,omitempty"` } // DomainClaims represents a custom claim data set that doesn't change the spec // payload. This is primarily introduced by Auth0 and is defined by a fully // specified URL as it's key. e.g. "https://hub.docker.com" type DomainClaims struct { // UUID is the user, machine client, or organization's UUID in our database. UUID string `json:"uuid"` // Email is the user's email address. Email string `json:"email"` // Username is the user's username. Username string `json:"username"` // Source is the source of the JWT. This should look like // `docker_{type}|{id}`. Source string `json:"source"` // SessionID is the unique ID of the token. SessionID string `json:"session_id"` // ClientID is the client_id that generated the token. This is filled if // M2M. ClientID string `json:"client_id,omitempty"` // ClientName is the name of the client that generated the token. This is // filled if M2M. ClientName string `json:"client_name,omitempty"` } // Source represents a source of a JWT. type Source struct { // Type is the type of source. This could be "pat" etc. Type string `json:"type"` // ID is the identifier to the source type. If "pat" then this will be the // ID of the PAT. ID string `json:"id"` } // GetClaims returns claims from an access token without verification. func GetClaims(accessToken string) (claims Claims, err error) { token, err := parseSigned(accessToken) if err != nil { return } err = token.UnsafeClaimsWithoutVerification(&claims) return } // parseSigned parses a JWT and returns the signature object or error. This does // not verify the validity of the JWT. func parseSigned(token string) (*jwt.JSONWebToken, error) { return jwt.ParseSigned(token) }