search

shaj13 / go-guardian

Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.
MIT License
559 stars 56 forks source link

Rotated secrets always triggers a new secret to be generated #107

Closed ChoffaH closed 3 years ago

ChoffaH commented 3 years ago

What version of Go are you using (go version)?

$ go version
1.16

Does this issue reproduce with the latest release?

Yes

What version of Go-Guardian are you using ?

Go-Guardian Version: 
v2.11.3

What did you do?

Trying to get rotated secrets working and have been looking at https://play.golang.org/p/5N-5fWa0mfN (posted by @shaj13) for some help. This is also found somewhere in the examples but can't find it right now.

The issue is that jwt.SecretsKeeper's methods Get and KID doesn't use pointers in it's signature definitions so changes to r.LastRotation in KID is not saved to the keeper struct.

For example this func (r RotatedSecrets) KID() string should be this func (r *RotatedSecrets) KID() string?

What did you expect to see?

That time.Now().After(r.LastRotation) would be false if within specified rotation duration.

What did you see instead?

That time.Now().After(r.LastRotation) is always true as r.LastRotation is always 0.

shaj13 commented 3 years ago

@briwagner if you still looking to contribute, I'd love to see a PR.

briwagner commented 3 years ago

Finally got around to this. I had to build out the example with a couple of requests in order to understand what is happening. But makes sense to me now.

PR: https://github.com/shaj13/go-guardian/pull/110

ChoffaH commented 3 years ago

Great work! 😃