From c7a536146a9b3831252e25cf3eb5968f72d2895d Mon Sep 17 00:00:00 2001
From: Akshay Mankar
Date: Sun, 11 Aug 2019 14:43:09 +0100
Subject: [PATCH] Remove dependency on jwt package

As hoauth2 already depends on jose-jwt which offers similar features, jwt was not required.
---
 kubernetes-client/package.yaml | 2 +-
 .../src/Kubernetes/Client/Auth/OIDC.hs | 31 ++++++++++---------
 2 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/kubernetes-client/package.yaml b/kubernetes-client/package.yaml
index 03eb889..9c31158 100644
--- a/kubernetes-client/package.yaml
+++ b/kubernetes-client/package.yaml
@@ -48,7 +48,7 @@ dependencies:
 - hoauth2
 - http-client >=0.5 && <0.7
 - http-client-tls >=0.3
- - jwt
+ - jose-jwt
 - kubernetes-client-core ==0.1.0.1
 - microlens >=0.4 && <0.5
 - mtl >=2.2
diff --git a/kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs b/kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs
index bdafafe..455f156 100644
--- a/kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs
+++ b/kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs
@@ -23,8 +23,8 @@ import Network.HTTP.Client.TLS
 import Network.OAuth.OAuth2 as OAuth
 import Network.TLS as TLS
 import URI.ByteString
-import Web.JWT as JWT
 import Web.OIDC.Client.Discovery as OIDC
+import Jose.Jwt
 import qualified Data.ByteString as BS
 import qualified Data.ByteString.Base64 as B64
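Review bot: `import Jose.Jwt` brings the whole module into scope unqualified, while the neighbouring imports use `as` aliases, so a reader of `getToken` cannot tell which names come from jose-jwt. An explicit list such as `import Jose.Jwt (IntDate (..), decodeClaims, jwtExp)` would document that; those appear to be the only names the later hunk takes from the package, but this should be confirmed against the rest of the file. The list would also make it visible that only the claims decoder, which does no signature check, is used.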
@@ -66,20 +66,23 @@ instance Exception OIDCAuthParsingException
 getToken :: OIDCAuth -> IO Text
 getToken o@(OIDCAuth{..}) = do
 now <- getPOSIXTime
- mgr <- newManager tlsManagerSettings
- idToken <- readTVarIO idTokenTVar
- let maybeExp = idToken
- & (>>= decode)
- & (fmap claims)
- & (>>= JWT.exp)
- & (fmap secondsSinceEpoch)
- isValidToken = fromMaybe False (fmap (now <) maybeExp)
- if not isValidToken
- then fetchToken mgr o
- else maybe (throwM $ OIDCGetTokenException "impossible") pure idToken
+ maybeIdToken <- readTVarIO idTokenTVar
+ case maybeIdToken of
+ Nothing -> fetchToken o
+ Just idToken -> do
+ let maybeExp = decodeClaims (Text.encodeUtf8 idToken)
+ & rightToMaybe
+ & fmap snd
+ & (>>= jwtExp)
+ case maybeExp of
+ Nothing -> fetchToken o
+ Just (IntDate expiryDate) -> if now < expiryDate
+ then pure idToken
+ else fetchToken o

-fetchToken :: Manager -> OIDCAuth -> IO Text
-fetchToken mgr o@(OIDCAuth{..}) = do
+fetchToken :: OIDCAuth -> IO Text
+fetchToken o@(OIDCAuth{..}) = do
+ mgr <- newManager tlsManagerSettings
 maybeToken <- readTVarIO refreshTokenTVar
 case maybeToken of
 Nothing -> throwM $ OIDCGetTokenException "cannot refresh id-token without a refresh token"
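Review bot: The freshness check `now < expiryDate` in `getToken` leaves no margin, so a token that expires a moment after the comparison is still returned and can be rejected by the API server once the request arrives, or if the two clocks differ slightly. Comparing with a small leeway, for example `Just (IntDate expiryDate) -> if now + 10 < expiryDate`, would refresh slightly early instead. Separately, `decodeClaims` parses the token without checking its signature; that is acceptable here because `exp` only drives the decision to refresh, but a comment above the `let` such as `-- decodeClaims does no signature check; exp is a cache hint only, never a trust decision` would keep later changes from relying on these claims. The body of `fetchToken` continues past the end of the hunk.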