Skip to content

Commit a26a8a8

Browse files
sweatybridgesweatybridge
committed
chore: copy pointer type
1 parent 419dd46 commit a26a8a8

File tree

2 files changed

+23
-36
lines changed

2 files changed

+23
-36
lines changed

pkg/config/auth.go

Lines changed: 15 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -111,26 +111,24 @@ type JWK struct {
111111
// ToPublicJWK converts a JWK to a public-only version by removing private key components
112112
func (j JWK) ToPublicJWK() JWK {
113113
publicJWK := JWK{
114-
KeyType: j.KeyType,
115-
KeyID: j.KeyID,
116-
Use: j.Use,
117-
Algorithm: j.Algorithm,
118-
Extractable: j.Extractable,
114+
KeyType: j.KeyType,
115+
KeyID: j.KeyID,
116+
Use: j.Use,
117+
Algorithm: j.Algorithm,
119118
}
120-
119+
120+
// Copy the underlying type instead of the pointer
121+
if j.Extractable != nil {
122+
publicJWK.Extractable = cast.Ptr(*j.Extractable)
123+
}
124+
121125
// Only include key_ops for verification (not signing) for public keys
122-
if len(j.KeyOps) > 0 {
123-
var publicOps []string
124-
for _, op := range j.KeyOps {
125-
if op == "verify" {
126-
publicOps = append(publicOps, op)
127-
}
128-
}
129-
if len(publicOps) > 0 {
130-
publicJWK.KeyOps = publicOps
126+
for _, op := range j.KeyOps {
127+
if op == "verify" {
128+
publicJWK.KeyOps = append(publicJWK.KeyOps, op)
131129
}
132130
}
133-
131+
134132
switch j.KeyType {
135133
case "RSA":
136134
// Include only public key components for RSA
@@ -142,7 +140,7 @@ func (j JWK) ToPublicJWK() JWK {
142140
publicJWK.X = j.X
143141
publicJWK.Y = j.Y
144142
}
145-
143+
146144
return publicJWK
147145
}
148146

pkg/config/config.go

Lines changed: 8 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1441,27 +1441,16 @@ func (a *auth) ResolveJWKS(ctx context.Context, fsys afero.Fs) (string, error) {
14411441
jwks.Keys = append(jwks.Keys, rJWKS.Keys...)
14421442
}
14431443

1444-
// If SIGNING_KEYS_PATH is provided, read from file and convert to public keys
1445-
if len(a.SigningKeysPath) > 0 {
1446-
f, err := fsys.Open(a.SigningKeysPath)
1444+
// Convert each signing key to public-only version
1445+
for _, key := range a.SigningKeys {
1446+
publicKeyEncoded, err := json.Marshal(key.ToPublicJWK())
14471447
if err != nil {
1448-
return "", errors.Errorf("failed to read signing key: %w", err)
1448+
return "", errors.Errorf("failed to marshal public key: %w", err)
14491449
}
1450-
jwtKeysArray, err := fetcher.ParseJSON[[]JWK](f)
1451-
if err != nil {
1452-
return "", err
1453-
}
1454-
// Convert each signing key to public-only version
1455-
for _, key := range jwtKeysArray {
1456-
publicKey := key.ToPublicJWK()
1457-
publicKeyEncoded, err := json.Marshal(publicKey)
1458-
if err != nil {
1459-
return "", errors.Errorf("failed to marshal public key: %w", err)
1460-
}
1461-
jwks.Keys = append(jwks.Keys, json.RawMessage(publicKeyEncoded))
1462-
}
1463-
} else {
1464-
// Fallback to JWT_SECRET for backward compatibility
1450+
jwks.Keys = append(jwks.Keys, json.RawMessage(publicKeyEncoded))
1451+
}
1452+
// Fallback to JWT_SECRET for backward compatibility
1453+
if len(a.SigningKeys) == 0 {
14651454
jwtSecret := secretJWK{
14661455
KeyType: "oct",
14671456
KeyBase64URL: base64.RawURLEncoding.EncodeToString([]byte(a.JwtSecret.Value)),

0 commit comments

Comments
 (0)