Remove dependency on jwt package

As hoauth2 already depends on jose-jwt which offers similar features, jwt was not required.
2019-08-11 14:43:09 +01:00
parent 7e2a0a69a2
commit c7a536146a
2 changed files with 18 additions and 15 deletions
--- a/kubernetes-client/package.yaml
+++ b/kubernetes-client/package.yaml
@@ -48,7 +48,7 @@ dependencies:
  - hoauth2
  - http-client >=0.5 && <0.7
  - http-client-tls >=0.3
-  - jwt
+  - jose-jwt
  - kubernetes-client-core ==0.1.0.1
  - microlens >=0.4 && <0.5
  - mtl >=2.2
--- a/kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs
+++ b/kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs
@@ -23,8 +23,8 @@ import Network.HTTP.Client.TLS
 import Network.OAuth.OAuth2                  as OAuth
 import Network.TLS                           as TLS
 import URI.ByteString
-import Web.JWT                               as JWT
 import Web.OIDC.Client.Discovery             as OIDC
+import Jose.Jwt

 import qualified Data.ByteString                   as BS
 import qualified Data.ByteString.Base64            as B64
@@ -66,20 +66,23 @@ instance Exception OIDCAuthParsingException
 getToken :: OIDCAuth -> IO Text
 getToken o@(OIDCAuth{..}) = do
  now <- getPOSIXTime
-  mgr <- newManager tlsManagerSettings
-  idToken <- readTVarIO idTokenTVar
-  let maybeExp = idToken
-                 & (>>= decode)
-                 & (fmap claims)
-                 & (>>= JWT.exp)
-                 & (fmap secondsSinceEpoch)
-      isValidToken = fromMaybe False (fmap (now <) maybeExp)
-  if not isValidToken
-    then fetchToken mgr o
-    else maybe (throwM $ OIDCGetTokenException "impossible") pure idToken
+  maybeIdToken <- readTVarIO idTokenTVar
+  case maybeIdToken of
+    Nothing -> fetchToken o
+    Just idToken -> do
+      let maybeExp = decodeClaims (Text.encodeUtf8 idToken)
+                   & rightToMaybe
+                   & fmap snd
+                   & (>>= jwtExp)
+      case maybeExp of
+        Nothing -> fetchToken o
+        Just (IntDate expiryDate) -> if now < expiryDate
+                                     then pure idToken
+                                     else fetchToken o

-fetchToken :: Manager -> OIDCAuth -> IO Text
-fetchToken mgr o@(OIDCAuth{..}) = do
+fetchToken :: OIDCAuth -> IO Text
+fetchToken o@(OIDCAuth{..}) = do
+  mgr <- newManager tlsManagerSettings
  maybeToken <- readTVarIO refreshTokenTVar
  case maybeToken of
    Nothing -> throwM $ OIDCGetTokenException "cannot refresh id-token without a refresh token"