author | Sara Golemon <sara.golemon@mongodb.com> | 2022-12-20 11:27:42 -0600 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2022-12-31 02:57:14 +0000 |
commit | ce05faf698033c9b1544f3d0e7f4eac4e65e2e74 (patch) | |
tree | 3c0246ad3f134dd4374749b106134a4226280cbe /src/mongo/crypto | |
parent | 3793dc38b7593c34c7d00556358fcd6dbd850a0c (diff) | |
download | mongo-ce05faf698033c9b1544f3d0e7f4eac4e65e2e74.tar.gz |
SERVER-70955 Define OIDC protocol and add infra for feature
Diffstat (limited to 'src/mongo/crypto')
-rw-r--r-- | src/mongo/crypto/jws_validated_token.cpp | 9 | ||||
-rw-r--r-- | src/mongo/crypto/jws_validated_token.h | 5 |
2 files changed, 14 insertions, 0 deletions
diff --git a/src/mongo/crypto/jws_validated_token.cpp b/src/mongo/crypto/jws_validated_token.cpp
index ba5b4fce3c2..962d9d5a9a4 100644
--- a/src/mongo/crypto/jws_validated_token.cpp
+++ b/src/mongo/crypto/jws_validated_token.cpp
@@ -103,4 +103,13 @@ JWSValidatedToken::JWSValidatedToken(const JWKManager& keyMgr, StringData token)
 uassertStatusOK(validate(keyMgr));
 };
 
+StatusWith<std::string> JWSValidatedToken::extractIssuerFromCompactSerialization(
+ StringData token) try {
+ auto tokenSplit = parseSignedToken(token);
+ auto payload = fromjson(base64url::decode(tokenSplit.token[1]));
+ return JWT::parse(IDLParserContext{"JWT"}, payload).getIssuer().toString();
+} catch (const DBException& ex) {
+ return ex.toStatus();
+}
+
 } // namespace mongo::crypto
diff --git a/src/mongo/crypto/jws_validated_token.h b/src/mongo/crypto/jws_validated_token.h
index 61493978763..1f304e37072 100644
--- a/src/mongo/crypto/jws_validated_token.h
+++ b/src/mongo/crypto/jws_validated_token.h
@@ -49,6 +49,11 @@ public:
 JWSValidatedToken(const JWKManager& keyMgr, StringData token);
 
 /**
+ * Extract just the Issuer name ('iss') from the token.
+ */
+ static StatusWith<std::string> extractIssuerFromCompactSerialization(StringData token);
+
+ /**
 * Validates token is not expired or issued on a later date,
 * verifies it has a validator matching its keyId and finally
 * it calls validate from the validator, returning the status. |
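Review bot: The issuer returned by `extractIssuerFromCompactSerialization` is read from the payload with no signature check: the body calls `parseSignedToken`, `base64url::decode` and `JWT::parse`, but never `validate(keyMgr)`, which the constructor in the context lines above does call. The value is therefore whatever the sender of the token put there, and the code should say so where it is read, e.g. `// Unverified: 'iss' is read before signature validation; do not treat it as authenticated.` ahead of the `parseSignedToken` line. Presumably the result is meant only for picking the key set before a full `JWSValidatedToken` is constructed; if so, the comment can state that as well. Separately, the function-try-block converts only `DBException` into a Status, so if any of the decode or parse helpers can throw another type (not visible in this hunk), that exception would escape a function whose return type suggests errors come back as a Status.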
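Review bot: The doc comment added for `extractIssuerFromCompactSerialization` does not say how failure is reported, which matters because the constructor declared just above it throws (it goes through `uassertStatusOK` in the .cpp) while this static helper returns `StatusWith`. Going by the implementation in jws_validated_token.cpp, a token that cannot be split, decoded or parsed comes back as a non-OK Status built from the caught `DBException`. I would add a line such as `* Returns a non-OK Status instead of throwing if the token cannot be split, decoded or parsed.` to the comment. The enclosing class begins outside this hunk, and the comment block that follows the declaration continues past its end.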