forked from Mirrors/oauth2
Merge branch 'master' into master
This commit is contained in:
commit
3045b9f9df
|
@ -4,9 +4,9 @@
|
||||||
|
|
||||||
// Package google provides support for making OAuth2 authorized and authenticated
|
// Package google provides support for making OAuth2 authorized and authenticated
|
||||||
// HTTP requests to Google APIs. It supports the Web server flow, client-side
|
// HTTP requests to Google APIs. It supports the Web server flow, client-side
|
||||||
// credentials, service accounts, Google Compute Engine service accounts, Google
|
// credentials, service accounts, Google Compute Engine service accounts,
|
||||||
// App Engine service accounts and workload identity federation from non-Google
|
// Google App Engine service accounts and workload identity federation
|
||||||
// cloud platforms.
|
// from non-Google cloud platforms.
|
||||||
//
|
//
|
||||||
// A brief overview of the package follows. For more information, please read
|
// A brief overview of the package follows. For more information, please read
|
||||||
// https://developers.google.com/accounts/docs/OAuth2
|
// https://developers.google.com/accounts/docs/OAuth2
|
||||||
|
|
|
@ -13,7 +13,6 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"golang.org/x/oauth2"
|
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -23,6 +22,8 @@ import (
|
||||||
"sort"
|
"sort"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"golang.org/x/oauth2"
|
||||||
)
|
)
|
||||||
|
|
||||||
type awsSecurityCredentials struct {
|
type awsSecurityCredentials struct {
|
||||||
|
@ -343,6 +344,9 @@ func (cs *awsCredentialSource) getRegion() (string, error) {
|
||||||
if envAwsRegion := getenv("AWS_REGION"); envAwsRegion != "" {
|
if envAwsRegion := getenv("AWS_REGION"); envAwsRegion != "" {
|
||||||
return envAwsRegion, nil
|
return envAwsRegion, nil
|
||||||
}
|
}
|
||||||
|
if envAwsRegion := getenv("AWS_DEFAULT_REGION"); envAwsRegion != "" {
|
||||||
|
return envAwsRegion, nil
|
||||||
|
}
|
||||||
|
|
||||||
if cs.RegionURL == "" {
|
if cs.RegionURL == "" {
|
||||||
return "", errors.New("oauth2/google: unable to determine AWS region")
|
return "", errors.New("oauth2/google: unable to determine AWS region")
|
||||||
|
|
|
@ -638,6 +638,81 @@ func TestAwsCredential_BasicRequestWithEnv(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAwsCredential_BasicRequestWithDefaultEnv(t *testing.T) {
|
||||||
|
server := createDefaultAwsTestServer()
|
||||||
|
ts := httptest.NewServer(server)
|
||||||
|
|
||||||
|
tfc := testFileConfig
|
||||||
|
tfc.CredentialSource = server.getCredentialSource(ts.URL)
|
||||||
|
|
||||||
|
oldGetenv := getenv
|
||||||
|
defer func() { getenv = oldGetenv }()
|
||||||
|
getenv = setEnvironment(map[string]string{
|
||||||
|
"AWS_ACCESS_KEY_ID": "AKIDEXAMPLE",
|
||||||
|
"AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
|
||||||
|
"AWS_DEFAULT_REGION": "us-west-1",
|
||||||
|
})
|
||||||
|
|
||||||
|
base, err := tfc.parse(context.Background())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("parse() failed %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
out, err := base.subjectToken()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("retrieveSubjectToken() failed: %v", err)
|
||||||
|
}
|
||||||
|
expected := getExpectedSubjectToken(
|
||||||
|
"https://sts.us-west-1.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
|
||||||
|
"us-west-1",
|
||||||
|
"AKIDEXAMPLE",
|
||||||
|
"wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
|
||||||
|
"",
|
||||||
|
)
|
||||||
|
|
||||||
|
if got, want := out, expected; !reflect.DeepEqual(got, want) {
|
||||||
|
t.Errorf("subjectToken = %q, want %q", got, want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAwsCredential_BasicRequestWithTwoRegions(t *testing.T) {
|
||||||
|
server := createDefaultAwsTestServer()
|
||||||
|
ts := httptest.NewServer(server)
|
||||||
|
|
||||||
|
tfc := testFileConfig
|
||||||
|
tfc.CredentialSource = server.getCredentialSource(ts.URL)
|
||||||
|
|
||||||
|
oldGetenv := getenv
|
||||||
|
defer func() { getenv = oldGetenv }()
|
||||||
|
getenv = setEnvironment(map[string]string{
|
||||||
|
"AWS_ACCESS_KEY_ID": "AKIDEXAMPLE",
|
||||||
|
"AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
|
||||||
|
"AWS_REGION": "us-west-1",
|
||||||
|
"AWS_DEFAULT_REGION": "us-east-1",
|
||||||
|
})
|
||||||
|
|
||||||
|
base, err := tfc.parse(context.Background())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("parse() failed %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
out, err := base.subjectToken()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("retrieveSubjectToken() failed: %v", err)
|
||||||
|
}
|
||||||
|
expected := getExpectedSubjectToken(
|
||||||
|
"https://sts.us-west-1.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
|
||||||
|
"us-west-1",
|
||||||
|
"AKIDEXAMPLE",
|
||||||
|
"wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
|
||||||
|
"",
|
||||||
|
)
|
||||||
|
|
||||||
|
if got, want := out, expected; !reflect.DeepEqual(got, want) {
|
||||||
|
t.Errorf("subjectToken = %q, want %q", got, want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestAwsCredential_RequestWithBadVersion(t *testing.T) {
|
func TestAwsCredential_RequestWithBadVersion(t *testing.T) {
|
||||||
server := createDefaultAwsTestServer()
|
server := createDefaultAwsTestServer()
|
||||||
ts := httptest.NewServer(server)
|
ts := httptest.NewServer(server)
|
||||||
|
|
|
@ -20,15 +20,34 @@ var now = func() time.Time {
|
||||||
|
|
||||||
// Config stores the configuration for fetching tokens with external credentials.
|
// Config stores the configuration for fetching tokens with external credentials.
|
||||||
type Config struct {
|
type Config struct {
|
||||||
|
// Audience is the Secure Token Service (STS) audience which contains the resource name for the workload
|
||||||
|
// identity pool or the workforce pool and the provider identifier in that pool.
|
||||||
Audience string
|
Audience string
|
||||||
|
// SubjectTokenType is the STS token type based on the Oauth2.0 token exchange spec
|
||||||
|
// e.g. `urn:ietf:params:oauth:token-type:jwt`.
|
||||||
SubjectTokenType string
|
SubjectTokenType string
|
||||||
|
// TokenURL is the STS token exchange endpoint.
|
||||||
TokenURL string
|
TokenURL string
|
||||||
|
// TokenInfoURL is the token_info endpoint used to retrieve the account related information (
|
||||||
|
// user attributes like account identifier, eg. email, username, uid, etc). This is
|
||||||
|
// needed for gCloud session account identification.
|
||||||
TokenInfoURL string
|
TokenInfoURL string
|
||||||
|
// ServiceAccountImpersonationURL is the URL for the service account impersonation request. This is only
|
||||||
|
// required for workload identity pools when APIs to be accessed have not integrated with UberMint.
|
||||||
ServiceAccountImpersonationURL string
|
ServiceAccountImpersonationURL string
|
||||||
|
// ClientSecret is currently only required if token_info endpoint also
|
||||||
|
// needs to be called with the generated GCP access token. When provided, STS will be
|
||||||
|
// called with additional basic authentication using client_id as username and client_secret as password.
|
||||||
ClientSecret string
|
ClientSecret string
|
||||||
|
// ClientID is only required in conjunction with ClientSecret, as described above.
|
||||||
ClientID string
|
ClientID string
|
||||||
|
// CredentialSource contains the necessary information to retrieve the token itself, as well
|
||||||
|
// as some environmental information.
|
||||||
CredentialSource CredentialSource
|
CredentialSource CredentialSource
|
||||||
|
// QuotaProjectID is injected by gCloud. If the value is non-empty, the Auth libraries
|
||||||
|
// will set the x-goog-user-project which overrides the project associated with the credentials.
|
||||||
QuotaProjectID string
|
QuotaProjectID string
|
||||||
|
// Scopes contains the desired scopes for the returned access token.
|
||||||
Scopes []string
|
Scopes []string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -66,6 +85,8 @@ type format struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// CredentialSource stores the information necessary to retrieve the credentials for the STS exchange.
|
// CredentialSource stores the information necessary to retrieve the credentials for the STS exchange.
|
||||||
|
// Either the File or the URL field should be filled, depending on the kind of credential in question.
|
||||||
|
// The EnvironmentID should start with AWS if being used for an AWS credential.
|
||||||
type CredentialSource struct {
|
type CredentialSource struct {
|
||||||
File string `json:"file"`
|
File string `json:"file"`
|
||||||
|
|
||||||
|
@ -107,7 +128,7 @@ type baseCredentialSource interface {
|
||||||
subjectToken() (string, error)
|
subjectToken() (string, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// tokenSource is the source that handles external credentials.
|
// tokenSource is the source that handles external credentials. It is used to retrieve Tokens.
|
||||||
type tokenSource struct {
|
type tokenSource struct {
|
||||||
ctx context.Context
|
ctx context.Context
|
||||||
conf *Config
|
conf *Config
|
||||||
|
|
|
@ -19,6 +19,9 @@ type clientAuthentication struct {
|
||||||
ClientSecret string
|
ClientSecret string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// InjectAuthentication is used to add authentication to a Secure Token Service exchange
|
||||||
|
// request. It modifies either the passed url.Values or http.Header depending on the desired
|
||||||
|
// authentication format.
|
||||||
func (c *clientAuthentication) InjectAuthentication(values url.Values, headers http.Header) {
|
func (c *clientAuthentication) InjectAuthentication(values url.Values, headers http.Header) {
|
||||||
if c.ClientID == "" || c.ClientSecret == "" || values == nil || headers == nil {
|
if c.ClientID == "" || c.ClientSecret == "" || values == nil || headers == nil {
|
||||||
return
|
return
|
||||||
|
|
|
@ -36,7 +36,7 @@ type impersonateTokenSource struct {
|
||||||
scopes []string
|
scopes []string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Token performs the exchange to get a temporary service account
|
// Token performs the exchange to get a temporary service account token to allow access to GCP.
|
||||||
func (its impersonateTokenSource) Token() (*oauth2.Token, error) {
|
func (its impersonateTokenSource) Token() (*oauth2.Token, error) {
|
||||||
reqBody := generateAccessTokenReq{
|
reqBody := generateAccessTokenReq{
|
||||||
Lifetime: "3600s",
|
Lifetime: "3600s",
|
||||||
|
|
|
@ -7,7 +7,6 @@ package externalaccount
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"testing"
|
"testing"
|
||||||
|
@ -20,7 +19,6 @@ func TestRetrieveURLSubjectToken_Text(t *testing.T) {
|
||||||
if r.Method != "GET" {
|
if r.Method != "GET" {
|
||||||
t.Errorf("Unexpected request method, %v is found", r.Method)
|
t.Errorf("Unexpected request method, %v is found", r.Method)
|
||||||
}
|
}
|
||||||
fmt.Println(r.Header)
|
|
||||||
if r.Header.Get("Metadata") != "True" {
|
if r.Header.Get("Metadata") != "True" {
|
||||||
t.Errorf("Metadata header not properly included.")
|
t.Errorf("Metadata header not properly included.")
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,6 +7,7 @@ package google
|
||||||
import (
|
import (
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
|
@ -24,6 +25,28 @@ import (
|
||||||
// optimization supported by a few Google services.
|
// optimization supported by a few Google services.
|
||||||
// Unless you know otherwise, you should use JWTConfigFromJSON instead.
|
// Unless you know otherwise, you should use JWTConfigFromJSON instead.
|
||||||
func JWTAccessTokenSourceFromJSON(jsonKey []byte, audience string) (oauth2.TokenSource, error) {
|
func JWTAccessTokenSourceFromJSON(jsonKey []byte, audience string) (oauth2.TokenSource, error) {
|
||||||
|
return newJWTSource(jsonKey, audience, nil)
|
||||||
|
}
|
||||||
|
|
||||||
|
// JWTAccessTokenSourceWithScope uses a Google Developers service account JSON
|
||||||
|
// key file to read the credentials that authorize and authenticate the
|
||||||
|
// requests, and returns a TokenSource that does not use any OAuth2 flow but
|
||||||
|
// instead creates a JWT and sends that as the access token.
|
||||||
|
// The scope is typically a list of URLs that specifies the scope of the
|
||||||
|
// credentials.
|
||||||
|
//
|
||||||
|
// Note that this is not a standard OAuth flow, but rather an
|
||||||
|
// optimization supported by a few Google services.
|
||||||
|
// Unless you know otherwise, you should use JWTConfigFromJSON instead.
|
||||||
|
func JWTAccessTokenSourceWithScope(jsonKey []byte, scope ...string) (oauth2.TokenSource, error) {
|
||||||
|
return newJWTSource(jsonKey, "", scope)
|
||||||
|
}
|
||||||
|
|
||||||
|
func newJWTSource(jsonKey []byte, audience string, scopes []string) (oauth2.TokenSource, error) {
|
||||||
|
if len(scopes) == 0 && audience == "" {
|
||||||
|
return nil, fmt.Errorf("google: missing scope/audience for JWT access token")
|
||||||
|
}
|
||||||
|
|
||||||
cfg, err := JWTConfigFromJSON(jsonKey)
|
cfg, err := JWTConfigFromJSON(jsonKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("google: could not parse JSON key: %v", err)
|
return nil, fmt.Errorf("google: could not parse JSON key: %v", err)
|
||||||
|
@ -35,6 +58,7 @@ func JWTAccessTokenSourceFromJSON(jsonKey []byte, audience string) (oauth2.Token
|
||||||
ts := &jwtAccessTokenSource{
|
ts := &jwtAccessTokenSource{
|
||||||
email: cfg.Email,
|
email: cfg.Email,
|
||||||
audience: audience,
|
audience: audience,
|
||||||
|
scopes: scopes,
|
||||||
pk: pk,
|
pk: pk,
|
||||||
pkID: cfg.PrivateKeyID,
|
pkID: cfg.PrivateKeyID,
|
||||||
}
|
}
|
||||||
|
@ -47,6 +71,7 @@ func JWTAccessTokenSourceFromJSON(jsonKey []byte, audience string) (oauth2.Token
|
||||||
|
|
||||||
type jwtAccessTokenSource struct {
|
type jwtAccessTokenSource struct {
|
||||||
email, audience string
|
email, audience string
|
||||||
|
scopes []string
|
||||||
pk *rsa.PrivateKey
|
pk *rsa.PrivateKey
|
||||||
pkID string
|
pkID string
|
||||||
}
|
}
|
||||||
|
@ -54,10 +79,12 @@ type jwtAccessTokenSource struct {
|
||||||
func (ts *jwtAccessTokenSource) Token() (*oauth2.Token, error) {
|
func (ts *jwtAccessTokenSource) Token() (*oauth2.Token, error) {
|
||||||
iat := time.Now()
|
iat := time.Now()
|
||||||
exp := iat.Add(time.Hour)
|
exp := iat.Add(time.Hour)
|
||||||
|
scope := strings.Join(ts.scopes, " ")
|
||||||
cs := &jws.ClaimSet{
|
cs := &jws.ClaimSet{
|
||||||
Iss: ts.email,
|
Iss: ts.email,
|
||||||
Sub: ts.email,
|
Sub: ts.email,
|
||||||
Aud: ts.audience,
|
Aud: ts.audience,
|
||||||
|
Scope: scope,
|
||||||
Iat: iat.Unix(),
|
Iat: iat.Unix(),
|
||||||
Exp: exp.Unix(),
|
Exp: exp.Unix(),
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,29 +13,21 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"golang.org/x/oauth2/jws"
|
"golang.org/x/oauth2/jws"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestJWTAccessTokenSourceFromJSON(t *testing.T) {
|
var (
|
||||||
// Generate a key we can use in the test data.
|
privateKey *rsa.PrivateKey
|
||||||
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
jsonKey []byte
|
||||||
if err != nil {
|
once sync.Once
|
||||||
t.Fatal(err)
|
)
|
||||||
}
|
|
||||||
|
|
||||||
// Encode the key and substitute into our example JSON.
|
func TestJWTAccessTokenSourceFromJSON(t *testing.T) {
|
||||||
enc := pem.EncodeToMemory(&pem.Block{
|
setupDummyKey(t)
|
||||||
Type: "PRIVATE KEY",
|
|
||||||
Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
|
|
||||||
})
|
|
||||||
enc, err = json.Marshal(string(enc))
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("json.Marshal: %v", err)
|
|
||||||
}
|
|
||||||
jsonKey := bytes.Replace(jwtJSONKey, []byte(`"super secret key"`), enc, 1)
|
|
||||||
|
|
||||||
ts, err := JWTAccessTokenSourceFromJSON(jsonKey, "audience")
|
ts, err := JWTAccessTokenSourceFromJSON(jsonKey, "audience")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -89,3 +81,80 @@ func TestJWTAccessTokenSourceFromJSON(t *testing.T) {
|
||||||
t.Errorf("Header KeyID = %q, want %q", got, want)
|
t.Errorf("Header KeyID = %q, want %q", got, want)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestJWTAccessTokenSourceWithScope(t *testing.T) {
|
||||||
|
setupDummyKey(t)
|
||||||
|
|
||||||
|
ts, err := JWTAccessTokenSourceWithScope(jsonKey, "scope1", "scope2")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("JWTAccessTokenSourceWithScope: %v\nJSON: %s", err, string(jsonKey))
|
||||||
|
}
|
||||||
|
|
||||||
|
tok, err := ts.Token()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Token: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if got, want := tok.TokenType, "Bearer"; got != want {
|
||||||
|
t.Errorf("TokenType = %q, want %q", got, want)
|
||||||
|
}
|
||||||
|
if got := tok.Expiry; tok.Expiry.Before(time.Now()) {
|
||||||
|
t.Errorf("Expiry = %v, should not be expired", got)
|
||||||
|
}
|
||||||
|
|
||||||
|
err = jws.Verify(tok.AccessToken, &privateKey.PublicKey)
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("jws.Verify on AccessToken: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
claim, err := jws.Decode(tok.AccessToken)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("jws.Decode on AccessToken: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if got, want := claim.Iss, "gopher@developer.gserviceaccount.com"; got != want {
|
||||||
|
t.Errorf("Iss = %q, want %q", got, want)
|
||||||
|
}
|
||||||
|
if got, want := claim.Sub, "gopher@developer.gserviceaccount.com"; got != want {
|
||||||
|
t.Errorf("Sub = %q, want %q", got, want)
|
||||||
|
}
|
||||||
|
if got, want := claim.Scope, "scope1 scope2"; got != want {
|
||||||
|
t.Errorf("Aud = %q, want %q", got, want)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Finally, check the header private key.
|
||||||
|
parts := strings.Split(tok.AccessToken, ".")
|
||||||
|
hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("base64 DecodeString: %v\nString: %q", err, parts[0])
|
||||||
|
}
|
||||||
|
var hdr jws.Header
|
||||||
|
if err := json.Unmarshal([]byte(hdrJSON), &hdr); err != nil {
|
||||||
|
t.Fatalf("json.Unmarshal: %v (%q)", err, hdrJSON)
|
||||||
|
}
|
||||||
|
|
||||||
|
if got, want := hdr.KeyID, "268f54e43a1af97cfc71731688434f45aca15c8b"; got != want {
|
||||||
|
t.Errorf("Header KeyID = %q, want %q", got, want)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func setupDummyKey(t *testing.T) {
|
||||||
|
once.Do(func() {
|
||||||
|
// Generate a key we can use in the test data.
|
||||||
|
pk, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
privateKey = pk
|
||||||
|
// Encode the key and substitute into our example JSON.
|
||||||
|
enc := pem.EncodeToMemory(&pem.Block{
|
||||||
|
Type: "PRIVATE KEY",
|
||||||
|
Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
|
||||||
|
})
|
||||||
|
enc, err = json.Marshal(string(enc))
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("json.Marshal: %v", err)
|
||||||
|
}
|
||||||
|
jsonKey = bytes.Replace(jwtJSONKey, []byte(`"super secret key"`), enc, 1)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue