feat: Add SUB to JWT claim Okta

schubergphilis · Dec 27, 2024 · c44e412 · c44e412
1 parent c6d3dd5
commit c44e412
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 6 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -16,6 +16,7 @@ jobs:
         build-args:
           - mcvs-integrationtest-services
           - mcvs-stub-server
+          - oktamock
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/[email protected]

diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,5 @@
 .task
 .vscode
+coverage.html
+functioncoverage.out
+profile.cov
diff --git a/Dockerfile b/Dockerfile
@@ -39,4 +39,5 @@ COPY --from=builder /etc/passwd /etc/passwd
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
 USER ${APPLICATION}
+EXPOSE 8080
 ENTRYPOINT ["/app/main"]
diff --git a/cmd/oktamock/main.go b/cmd/oktamock/main.go
@@ -73,6 +73,7 @@ type JWTConfig struct {
 	Issuer        string        `env:"ISSUER" envDefault:"http://localhost:8080"`
 	KID           string        `env:"KID" envDefault:"mock-kid"`
 	SigningMethod SigningMethod `env:"SIGNING_METHOD" envDefault:"RS256"`
+	Sub           string        `env:"SUB" envDefault:""`
 }
 
 // NewConfig returns the config.
@@ -109,9 +110,9 @@ func main() {
 // OktaMockServer represents a mock Okta server which can be used to create and validate JWT tokens.
 // Serves as a subtitute for using an actual Okta Server.
 type OktaMockServer struct {
-	audience, issuer string
-	expiration       time.Duration
-	groups           []string
+	audience, issuer, sub string
+	expiration            time.Duration
+	groups                []string
 
 	privKey *rsa.PrivateKey
 	jwkKey  jwk.Key
@@ -133,11 +134,12 @@ func (o *OktaMockServer) handleGetValidJWT(w http.ResponseWriter, r *http.Reques
 	now := time.Now()
 	claims := jwt.MapClaims{
 		"aud":    o.audience,
-		"iss":    o.issuer,
-		"iat":    now.Unix(),
 		"exp":    now.Add(o.expiration).Unix(),
-		"nbf":    now.AddDate(0, 0, -1).Unix(),
 		"Groups": o.groups,
+		"iat":    now.Unix(),
+		"iss":    o.issuer,
+		"nbf":    now.AddDate(0, 0, -1).Unix(),
+		"sub":    o.sub,
 	}
 
 	// Add custom claims
@@ -220,6 +222,7 @@ func NewOktaMockServer(cfg *Config) (*OktaMockServer, error) {
 		issuer:     cfg.JWTConfig.Issuer,
 		jwkKey:     jwkKey,
 		privKey:    privKeyRSA,
+		sub:        cfg.JWTConfig.Sub,
 	}, nil
 }