Stateless auth proxy that converts AT Protocol native apps from public to confidential OAuth clients. Deploy once, get 180-day refresh tokens instead of 24-hour ones.
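package main

import (
	"fmt"
	"time"

	"github.com/google/uuid"
	"github.com/lestrrat-go/jwx/v2/jwa"
	"github.com/lestrrat-go/jwx/v2/jwk"
	"github.com/lestrrat-go/jwx/v2/jwt"
)

// GenerateClientAssertion builds and signs a short-lived JWT that an OAuth
// client presents to an authorization server to authenticate with a private
// key rather than a shared secret. The claim layout (iss and sub both equal
// to the client ID) matches the JWT client assertion described in RFC 7523.
//
// Claims: iss = sub = clientID, aud = [audience], jti = a fresh random UUID,
// iat = now, exp = now + 60s. The token is signed with ES256 using signingKey
// and returned as a string.
//
// An error is returned when signingKey is nil, when clientID or audience is
// empty, when no random JWT ID can be generated, or when the jwx library
// fails to build or sign the token.
func GenerateClientAssertion(signingKey jwk.Key, clientID string, audience string) (string, error) {
	// The 60-second lifetime, together with the unique jti, keeps the replay
	// window small if an assertion is ever captured in transit or in a log.
	const lifetime = 60 * time.Second

	// Reject unusable inputs up front: an assertion with an empty iss/sub or
	// aud cannot identify the client or be bound to one authorization server,
	// so signing it would only produce a token that must be refused.
	if signingKey == nil {
		return "", fmt.Errorf("signing key must not be nil")
	}
	if clientID == "" {
		return "", fmt.Errorf("client ID must not be empty")
	}
	if audience == "" {
		return "", fmt.Errorf("audience must not be empty")
	}

	// uuid.New panics when the random source fails; NewRandom reports the
	// failure as an error so a caller can handle it instead of crashing.
	jti, err := uuid.NewRandom()
	if err != nil {
		return "", fmt.Errorf("failed to generate JWT ID: %w", err)
	}

	now := time.Now()

	token, err := jwt.NewBuilder().
		Issuer(clientID).
		Subject(clientID).
		// aud ties the assertion to a single authorization server.
		// NOTE(review): audience should be the identifier of the server this
		// assertion is sent to — confirm callers do not pass it through from
		// unvalidated input.
		Audience([]string{audience}).
		JwtID(jti.String()).
		IssuedAt(now).
		Expiration(now.Add(lifetime)).
		Build()
	if err != nil {
		return "", fmt.Errorf("failed to build JWT: %w", err)
	}

	// NOTE(review): no kid header is set explicitly here; whether one is
	// emitted depends on signingKey carrying a key ID. Confirm the
	// authorization server can select the matching verification key.
	// Presumably signingKey is a P-256 private key, as ES256 requires.
	signed, err := jwt.Sign(token, jwt.WithKey(jwa.ES256, signingKey))
	if err != nil {
		return "", fmt.Errorf("failed to sign JWT: %w", err)
	}

	return string(signed), nil
}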