package jwt import ( "errors" "github.com/micro/go-micro/v2/auth" "github.com/micro/go-micro/v2/auth/token" jwtToken "github.com/micro/go-micro/v2/auth/token/jwt" ) // NewAuth returns a new instance of the Auth service func NewAuth(opts ...auth.Option) auth.Auth { j := new(jwt) j.Init(opts...) return j } type jwt struct { options auth.Options jwt token.Provider } func (j *jwt) String() string { return "jwt" } func (j *jwt) Init(opts ...auth.Option) { for _, o := range opts { o(&j.options) } j.jwt = jwtToken.NewTokenProvider( token.WithPrivateKey(j.options.PrivateKey), token.WithPublicKey(j.options.PublicKey), ) } func (j *jwt) Options() auth.Options { return j.options } func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) { return nil, errors.New("JWT does not support Generate, use the Token method") } func (j *jwt) Grant(role string, res *auth.Resource) error { return errors.New("JWT does not support Grant") } func (j *jwt) Revoke(role string, res *auth.Resource) error { return errors.New("JWT does not support Revoke") } func (j *jwt) Verify(acc *auth.Account, res *auth.Resource) error { if acc == nil { return auth.ErrForbidden } return nil } func (j *jwt) Inspect(token string) (*auth.Account, error) { return j.jwt.Inspect(token) } func (j *jwt) Token(opts ...auth.TokenOption) (*auth.Token, error) { options := auth.NewTokenOptions(opts...) account := &auth.Account{ ID: options.ID, } tok, err := j.jwt.Generate(account, token.WithExpiry(options.Expiry)) if err != nil { return nil, err } return &auth.Token{ Created: tok.Created, Expiry: tok.Expiry, AccessToken: tok.Token, }, nil }