@rivascva/dt-idl 1.1.128 → 1.1.129

package/go/auth/jwt.go

@@ -41,22 +41,22 @@ func NewServiceAccessToken(accessTokenSecret string, issuer string, service stri
 
 // NewUserRefreshToken creates a new JWT refresh token for the given user id.
 func NewUserRefreshToken(refreshTokenSecret string, issuer string, userId string, duration time.Duration) (*jwt.Token, error) {
-	return newRefreshToken(refreshTokenSecret, issuer, userId, duration)
+	return newRefreshToken(refreshTokenSecret, "user", issuer, userId, duration)
 }
 
 // NewServiceRefreshToken creates a new JWT refresh token for the given service.
 func NewServiceRefreshToken(refreshTokenSecret string, issuer string, service string, duration time.Duration) (*jwt.Token, error) {
-	return newRefreshToken(refreshTokenSecret, issuer, service, duration)
+	return newRefreshToken(refreshTokenSecret, "service", issuer, service, duration)
 }
 
 // newAccessToken creates a new JWT access token.
-func newAccessToken(accessTokenSecret string, ttype string, issuer string, subject string, duration time.Duration) (*jwt.Token, error) {
+func newAccessToken(accessTokenSecret string, tokenType string, issuer string, subject string, duration time.Duration) (*jwt.Token, error) {
 	t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
-		"type": ttype,
-		"iss":  issuer,
-		"sub":  subject,
-		"iat":  jwt.NewNumericDate(time.Now()),
-		"exp":  jwt.NewNumericDate(time.Now().Add(duration)),
+		"typ": fmt.Sprintf("access:%s", tokenType),
+		"iss": issuer,
+		"sub": subject,
+		"iat": jwt.NewNumericDate(time.Now()),
+		"exp": jwt.NewNumericDate(time.Now().Add(duration)),
 	})
 
 	s, err := t.SignedString([]byte(accessTokenSecret))
@@ -78,13 +78,13 @@ func newAccessToken(accessTokenSecret string, ttype string, issuer string, subje
 }
 
 // newRefreshToken creates a new JWT refresh token.
-func newRefreshToken(refreshTokenSecret string, issuer string, subject string, duration time.Duration) (*jwt.Token, error) {
+func newRefreshToken(refreshTokenSecret string, tokenType string, issuer string, subject string, duration time.Duration) (*jwt.Token, error) {
 	t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
-		"type": "refresh",
-		"iss":  issuer,
-		"sub":  subject,
-		"iat":  jwt.NewNumericDate(time.Now()),
-		"exp":  jwt.NewNumericDate(time.Now().Add(duration)),
+		"typ": fmt.Sprintf("refresh:%s", tokenType),
+		"iss": issuer,
+		"sub": subject,
+		"iat": jwt.NewNumericDate(time.Now()),
+		"exp": jwt.NewNumericDate(time.Now().Add(duration)),
 	})
 
 	s, err := t.SignedString([]byte(refreshTokenSecret))

package/go/auth/utils.go

@@ -24,9 +24,9 @@ func CanActorAccessResourcesForUser(ctx context.Context, userId string) (bool, e
 
 	// check if the actor is allowed to access the user id
 	switch tokenType {
-	case "user":
+	case "access:user":
 		return actorId == userId, nil
-	case "service":
+	case "access:service":
 		return slices.Contains(approvedServices, actorId), nil
 	default:
 		return false, fmt.Errorf("invalid token type %s", tokenType)
@@ -49,9 +49,9 @@ func CanActorAccessAllResources(ctx context.Context) (bool, error) {
 
 	// check if the actor is a service
 	switch tokenType {
-	case "user":
+	case "access:user":
 		return false, nil
-	case "service":
+	case "access:service":
 		return slices.Contains(approvedServices, actorId), nil
 	default:
 		return false, fmt.Errorf("invalid token type %s", tokenType)

package/go/utils/context.go

@@ -49,7 +49,7 @@ func GetTokenTypeFromContext(ctx context.Context) (string, error) {
 	}
 
 	// get the token type from the access token
-	tokenType, ok := accessToken.Claims.(jwt.MapClaims)["type"].(string)
+	tokenType, ok := accessToken.Claims.(jwt.MapClaims)["typ"].(string)
 	if !ok {
 		return "", errors.New("token type not found in the access token")
 	}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rivascva/dt-idl",
-  "version": "1.1.128",
+  "version": "1.1.129",
   "description": "Dream Trade - Interface Definition Language",
   "main": "dist/index.cjs.js",
   "module": "dist/index.esm.js",