internal/atproto/auth/jwt.go at 2140aa713440002488b50dbee7616ab20bca257d · bretton.dev/coves

bretton.dev / coves
A community based topic aggregation platform built on atproto
coves / internal / atproto / auth / jwt.go
at 2140aa713440002488b50dbee7616ab20bca257d 8.2 kB view raw
  1package auth
  2
  3import (
  4	"context"
  5	"crypto/ecdsa"
  6	"crypto/elliptic"
  7	"crypto/rsa"
  8	"encoding/base64"
  9	"encoding/json"
 10	"fmt"
 11	"math/big"
 12	"net/url"
 13	"strings"
 14	"time"
 15
 16	"github.com/golang-jwt/jwt/v5"
 17)
 18
 19// Claims represents the standard JWT claims we care about
 20type Claims struct {
 21	jwt.RegisteredClaims
 22	Scope string `json:"scope,omitempty"`
 23}
 24
 25// ParseJWT parses a JWT token without verification (Phase 1)
 26// Returns the claims if the token is valid JSON and has required fields
 27func ParseJWT(tokenString string) (*Claims, error) {
 28	// Remove "Bearer " prefix if present
 29	tokenString = strings.TrimPrefix(tokenString, "Bearer ")
 30	tokenString = strings.TrimSpace(tokenString)
 31
 32	// Parse without verification first to extract claims
 33	parser := jwt.NewParser(jwt.WithoutClaimsValidation())
 34	token, _, err := parser.ParseUnverified(tokenString, &Claims{})
 35	if err != nil {
 36		return nil, fmt.Errorf("failed to parse JWT: %w", err)
 37	}
 38
 39	claims, ok := token.Claims.(*Claims)
 40	if !ok {
 41		return nil, fmt.Errorf("invalid claims type")
 42	}
 43
 44	// Validate required fields
 45	if claims.Subject == "" {
 46		return nil, fmt.Errorf("missing 'sub' claim (user DID)")
 47	}
 48
 49	// atProto PDSes may use 'aud' instead of 'iss' for the authorization server
 50	// If 'iss' is missing, use 'aud' as the authorization server identifier
 51	if claims.Issuer == "" {
 52		if len(claims.Audience) > 0 {
 53			claims.Issuer = claims.Audience[0]
 54		} else {
 55			return nil, fmt.Errorf("missing both 'iss' and 'aud' claims (authorization server)")
 56		}
 57	}
 58
 59	// Validate claims (even in Phase 1, we need basic validation like expiry)
 60	if err := validateClaims(claims); err != nil {
 61		return nil, err
 62	}
 63
 64	return claims, nil
 65}
 66
 67// VerifyJWT verifies a JWT token's signature and claims (Phase 2)
 68// Fetches the public key from the issuer's JWKS endpoint and validates the signature
 69func VerifyJWT(ctx context.Context, tokenString string, keyFetcher JWKSFetcher) (*Claims, error) {
 70	// First parse to get the issuer
 71	claims, err := ParseJWT(tokenString)
 72	if err != nil {
 73		return nil, err
 74	}
 75
 76	// Fetch the public key from the issuer
 77	publicKey, err := keyFetcher.FetchPublicKey(ctx, claims.Issuer, tokenString)
 78	if err != nil {
 79		return nil, fmt.Errorf("failed to fetch public key: %w", err)
 80	}
 81
 82	// Now parse and verify with the public key
 83	tokenString = strings.TrimPrefix(tokenString, "Bearer ")
 84	token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
 85		// Validate signing method - support both RSA and ECDSA (atProto uses ES256 primarily)
 86		switch token.Method.(type) {
 87		case *jwt.SigningMethodRSA, *jwt.SigningMethodECDSA:
 88			// Valid signing methods for atProto
 89		default:
 90			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 91		}
 92		return publicKey, nil
 93	})
 94	if err != nil {
 95		return nil, fmt.Errorf("failed to verify JWT: %w", err)
 96	}
 97
 98	if !token.Valid {
 99		return nil, fmt.Errorf("token is invalid")
100	}
101
102	verifiedClaims, ok := token.Claims.(*Claims)
103	if !ok {
104		return nil, fmt.Errorf("invalid claims type after verification")
105	}
106
107	// Additional validation
108	if err := validateClaims(verifiedClaims); err != nil {
109		return nil, err
110	}
111
112	return verifiedClaims, nil
113}
114
115// validateClaims performs additional validation on JWT claims
116func validateClaims(claims *Claims) error {
117	now := time.Now()
118
119	// Check expiration
120	if claims.ExpiresAt != nil && claims.ExpiresAt.Before(now) {
121		return fmt.Errorf("token has expired")
122	}
123
124	// Check not before
125	if claims.NotBefore != nil && claims.NotBefore.After(now) {
126		return fmt.Errorf("token not yet valid")
127	}
128
129	// Validate DID format in sub claim
130	if !strings.HasPrefix(claims.Subject, "did:") {
131		return fmt.Errorf("invalid DID format in 'sub' claim: %s", claims.Subject)
132	}
133
134	// Validate issuer is either an HTTPS URL or a DID
135	// atProto uses DIDs (did:web:, did:plc:) or HTTPS URLs as issuer identifiers
136	if !strings.HasPrefix(claims.Issuer, "https://") && !strings.HasPrefix(claims.Issuer, "did:") {
137		return fmt.Errorf("issuer must be HTTPS URL or DID, got: %s", claims.Issuer)
138	}
139
140	// Parse to ensure it's a valid URL
141	if _, err := url.Parse(claims.Issuer); err != nil {
142		return fmt.Errorf("invalid issuer URL: %w", err)
143	}
144
145	// Validate scope if present (lenient: allow empty, but reject wrong scopes)
146	if claims.Scope != "" && !strings.Contains(claims.Scope, "atproto") {
147		return fmt.Errorf("token missing required 'atproto' scope, got: %s", claims.Scope)
148	}
149
150	return nil
151}
152
153// JWKSFetcher defines the interface for fetching public keys from JWKS endpoints
154// Returns interface{} to support both RSA and ECDSA keys
155type JWKSFetcher interface {
156	FetchPublicKey(ctx context.Context, issuer, token string) (interface{}, error)
157}
158
159// JWK represents a JSON Web Key from a JWKS endpoint
160// Supports both RSA and EC (ECDSA) keys
161type JWK struct {
162	Kid string `json:"kid"` // Key ID
163	Kty string `json:"kty"` // Key type ("RSA" or "EC")
164	Alg string `json:"alg"` // Algorithm (e.g., "RS256", "ES256")
165	Use string `json:"use"` // Public key use (should be "sig" for signatures)
166	// RSA fields
167	N string `json:"n,omitempty"` // RSA modulus
168	E string `json:"e,omitempty"` // RSA exponent
169	// EC fields
170	Crv string `json:"crv,omitempty"` // EC curve (e.g., "P-256")
171	X   string `json:"x,omitempty"`   // EC x coordinate
172	Y   string `json:"y,omitempty"`   // EC y coordinate
173}
174
175// ToPublicKey converts a JWK to a public key (RSA or ECDSA)
176func (j *JWK) ToPublicKey() (interface{}, error) {
177	switch j.Kty {
178	case "RSA":
179		return j.toRSAPublicKey()
180	case "EC":
181		return j.toECPublicKey()
182	default:
183		return nil, fmt.Errorf("unsupported key type: %s", j.Kty)
184	}
185}
186
187// toRSAPublicKey converts a JWK to an RSA public key
188func (j *JWK) toRSAPublicKey() (*rsa.PublicKey, error) {
189	// Decode modulus
190	nBytes, err := base64.RawURLEncoding.DecodeString(j.N)
191	if err != nil {
192		return nil, fmt.Errorf("failed to decode RSA modulus: %w", err)
193	}
194
195	// Decode exponent
196	eBytes, err := base64.RawURLEncoding.DecodeString(j.E)
197	if err != nil {
198		return nil, fmt.Errorf("failed to decode RSA exponent: %w", err)
199	}
200
201	// Convert exponent to int
202	var eInt int
203	for _, b := range eBytes {
204		eInt = eInt*256 + int(b)
205	}
206
207	return &rsa.PublicKey{
208		N: new(big.Int).SetBytes(nBytes),
209		E: eInt,
210	}, nil
211}
212
213// toECPublicKey converts a JWK to an ECDSA public key
214func (j *JWK) toECPublicKey() (*ecdsa.PublicKey, error) {
215	// Determine curve
216	var curve elliptic.Curve
217	switch j.Crv {
218	case "P-256":
219		curve = elliptic.P256()
220	case "P-384":
221		curve = elliptic.P384()
222	case "P-521":
223		curve = elliptic.P521()
224	default:
225		return nil, fmt.Errorf("unsupported EC curve: %s", j.Crv)
226	}
227
228	// Decode X coordinate
229	xBytes, err := base64.RawURLEncoding.DecodeString(j.X)
230	if err != nil {
231		return nil, fmt.Errorf("failed to decode EC x coordinate: %w", err)
232	}
233
234	// Decode Y coordinate
235	yBytes, err := base64.RawURLEncoding.DecodeString(j.Y)
236	if err != nil {
237		return nil, fmt.Errorf("failed to decode EC y coordinate: %w", err)
238	}
239
240	return &ecdsa.PublicKey{
241		Curve: curve,
242		X:     new(big.Int).SetBytes(xBytes),
243		Y:     new(big.Int).SetBytes(yBytes),
244	}, nil
245}
246
247// JWKS represents a JSON Web Key Set
248type JWKS struct {
249	Keys []JWK `json:"keys"`
250}
251
252// FindKeyByID finds a key in the JWKS by its key ID
253func (j *JWKS) FindKeyByID(kid string) (*JWK, error) {
254	for _, key := range j.Keys {
255		if key.Kid == kid {
256			return &key, nil
257		}
258	}
259	return nil, fmt.Errorf("key with kid %s not found", kid)
260}
261
262// ExtractKeyID extracts the key ID from a JWT token header
263func ExtractKeyID(tokenString string) (string, error) {
264	tokenString = strings.TrimPrefix(tokenString, "Bearer ")
265	parts := strings.Split(tokenString, ".")
266	if len(parts) != 3 {
267		return "", fmt.Errorf("invalid JWT format")
268	}
269
270	// Decode header
271	headerBytes, err := base64.RawURLEncoding.DecodeString(parts[0])
272	if err != nil {
273		return "", fmt.Errorf("failed to decode header: %w", err)
274	}
275
276	var header struct {
277		Kid string `json:"kid"`
278	}
279	if err := json.Unmarshal(headerBytes, &header); err != nil {
280		return "", fmt.Errorf("failed to unmarshal header: %w", err)
281	}
282
283	if header.Kid == "" {
284		return "", fmt.Errorf("missing kid in token header")
285	}
286
287	return header.Kid, nil
288}