OAuth2.0 Decode Access Token using Golang

arunangshu · January 14, 2020, 8:05pm

Hi,

I’m new to OAuth2.0 and am using https://github.com/okta/okta-jwt-verifier-golang to verify the ID token. I need help in decoding the access token. Let’s say I currently have the access token as a JWT. How do I decode it to get the payload?

Regards,
Arunangshu

kungfoo · March 11, 2021, 8:14pm

hey, this is what I’m using…

first decode the code and then verify it:

exchange, JSESSIONID := exchangeCode(r.URL.Query().Get("code"), r, cid, cst, issuer)
_, verificationError := verifyToken(exchange.IdToken, cid, issuer)

sending to exchange the code, the http.Request, client id and secrets and the issuer… there you will get the exchange struct with all data… the use jwt verifier to verify it.

Here both functions:

func exchangeCode(code string, r *http.Request, cid string, cst string, issuer string) (Exchange, string) {
	authHeader := base64.StdEncoding.EncodeToString(
		[]byte(cid + ":" + cst))

	q := r.URL.Query()
	q.Add("grant_type", "authorization_code")
	q.Add("code", code)

	//q.Add("scope", "okta.groups.read okta.groups.admin")
	q.Add("redirect_uri", redirectURL)

	url := "https://" + issuer + "/oauth2/v1/token?" + q.Encode()

	req, _ := http.NewRequest("POST", url, bytes.NewReader([]byte("")))
	h := req.Header
	h.Add("Authorization", "Basic "+authHeader)
	h.Add("Accept", "application/json")
	h.Add("Content-Type", "application/x-www-form-urlencoded")
	h.Add("Connection", "close")
	h.Add("Content-Length", "0")

	client := &http.Client{}
	resp, _ := client.Do(req)
	JSESSIONID := ""
	for _, cookie := range resp.Cookies() {
		if cookie.Name == "JSESSIONID" {
			JSESSIONID = cookie.Value
			break
		}
	}
	body, _ := ioutil.ReadAll(resp.Body)
	defer resp.Body.Close()
	var exchange Exchange
	json.Unmarshal(body, &exchange)

	return exchange, JSESSIONID

}
func verifyToken(t string, cid string, issuer string) (*verifier.Jwt, error) {
	tv := map[string]string{}
	tv["nonce"] = nonce
	tv["aud"] = cid
	jv := verifier.JwtVerifier{
		Issuer:           "https://" + issuer,
		ClaimsToValidate: tv,
	}

	result, err := jv.New().VerifyIdToken(t)

	if err != nil {
		return nil, fmt.Errorf("%s", err)
	}

	if result != nil {
		return result, nil
	}

	return nil, fmt.Errorf("token could not be verified: %s", "")
}

type Exchange struct {
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
	AccessToken      string `json:"access_token,omitempty"`
	TokenType        string `json:"token_type,omitempty"`
	ExpiresIn        int    `json:"expires_in,omitempty"`
	Scope            string `json:"scope,omitempty"`
	IdToken          string `json:"id_token,omitempty"`
}

Hope it is useful for you.

Then I am trying to use this data with the sdk… but I couldn’t figure out how to create a new client with this data… do you know how to do that?