[CLOUDTRUST-5687] Change jwt library

api/keycloak_client.go

@@ -11,13 +11,12 @@ import (
 	commonhttp "github.com/cloudtrust/common-service/v2/errors"
 	"github.com/cloudtrust/keycloak-client/v2"
 	"github.com/cloudtrust/keycloak-client/v2/toolbox"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/pkg/errors"
 	"gopkg.in/h2non/gentleman.v2"
 	"gopkg.in/h2non/gentleman.v2/plugin"
 	"gopkg.in/h2non/gentleman.v2/plugins/query"
 	"gopkg.in/h2non/gentleman.v2/plugins/timeout"
-
-	jwt "github.com/gbrlsnchs/jwt/v2"
 )
 
 // Client is the keycloak client.
@@ -330,20 +329,18 @@ func extractHostFromToken(token string) (string, error) {
 	return u.Host, nil
 }
 
-func extractIssuerFromToken(token string) (string, error) {
-	payload, _, err := jwt.Parse(token)
-
+func extractIssuerFromToken(tokenStr string) (string, error) {
+	token, _, err := jwt.NewParser().ParseUnverified(tokenStr, jwt.MapClaims{})
 	if err != nil {
 		return "", errors.Wrap(err, keycloak.MsgErrCannotParse+"."+keycloak.TokenMsg)
 	}
 
-	var jot Token
-
-	if err = jwt.Unmarshal(payload, &jot); err != nil {
-		return "", errors.Wrap(err, keycloak.MsgErrCannotUnmarshal+"."+keycloak.TokenMsg)
+	issuer, err := token.Claims.GetIssuer()
+	if err != nil {
+		return "", errors.Wrap(err, keycloak.MsgErrCannotGetIssuer+"."+keycloak.TokenMsg)
 	}
 
-	return jot.Issuer, nil
+	return issuer, nil
 }
 
 // createQueryPlugins create query parameters with the key values paramKV.

api/keycloak_client_test.go

@@ -0,0 +1,25 @@
+package api
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const accessTokenValid = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJodHRwczovL3NhbXBsZS5jb20vIn0.xLlV0CYqKDIPI-_IEABEcjRnKVNklivaw9WRmR8SXto"
+
+func TestExtractIssuerFromToken(t *testing.T) {
+	t.Run("Can't parse JWT", func(t *testing.T) {
+		var _, err = extractIssuerFromToken("AAABBBCCC")
+		assert.NotNil(t, err)
+	})
+	t.Run("Can't unmarshal token", func(t *testing.T) {
+		var _, err = extractIssuerFromToken("AAA.BBB.CCC")
+		assert.NotNil(t, err)
+	})
+	t.Run("Valid token", func(t *testing.T) {
+		var issuer, err = extractIssuerFromToken(accessTokenValid)
+		assert.Nil(t, err)
+		assert.Equal(t, "https://sample.com/", issuer)
+	})
+}

errormessages.go

@@ -17,6 +17,7 @@ const (
 	MsgErrUnknownResponseStatusCode = "unknownResponseStatusCode"
 	MsgErrExistingValue             = "existing"
 	MsgErrReadOnly                  = "readOnlyValue"
+	MsgErrCannotGetIssuer           = "cannotGetIssuer"
 
 	EvenParams       = "key/valParametersShouldBeEven"
 	TokenProviderURL = "tokenProviderURL"

go.mod

@@ -5,8 +5,8 @@ go 1.22
 require (
 	github.com/cloudtrust/common-service/v2 v2.8.4
 	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/gbrlsnchs/jwt/v2 v2.0.0
 	github.com/go-kit/kit v0.13.0
+	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/golang/mock v1.6.0
 	github.com/gorilla/mux v1.8.1
 	github.com/pkg/errors v0.9.1

go.sum

@@ -5,14 +5,14 @@ github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHo
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/gbrlsnchs/jwt/v2 v2.0.0 h1:4iEVJykJPXrCimVaQJAfBWKAvuzDJi5fDdUBdrdTZ3M=
-github.com/gbrlsnchs/jwt/v2 v2.0.0/go.mod h1:7kIj4oeJPffUpLL8RnU5Y3xT1Sm/VuFqjv8T1tqhqc8=
 github.com/go-kit/kit v0.13.0 h1:OoneCcHKHQ03LfBpoQCUfCluwd2Vt3ohz+kvbJneZAU=
 github.com/go-kit/kit v0.13.0/go.mod h1:phqEHMMUbyrCFCTgH48JueqrM3md2HcAZ8N3XE4FKDg=
 github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU=
 github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
 github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=

vendor/modules.txt

@@ -11,7 +11,6 @@ github.com/coreos/go-oidc
 github.com/davecgh/go-spew/spew
 # github.com/gbrlsnchs/jwt/v2 v2.0.0
 ## explicit
-github.com/gbrlsnchs/jwt/v2
 # github.com/go-kit/kit v0.13.0
 ## explicit; go 1.17
 github.com/go-kit/kit/endpoint
@@ -23,6 +22,9 @@ github.com/go-kit/log
 # github.com/go-logfmt/logfmt v0.6.0
 ## explicit; go 1.17
 github.com/go-logfmt/logfmt
+# github.com/golang-jwt/jwt/v5 v5.2.1
+## explicit; go 1.18
+github.com/golang-jwt/jwt/v5
 # github.com/golang/mock v1.6.0
 ## explicit; go 1.11
 github.com/golang/mock/mockgen/model