[Path, pkix:format_error(Why)]);
format_error({bad_cert, Why, Path}) ->
format_error({bad_pem, Why, Path});
+format_error({bad_jwt_key, Path}) ->
+ format("No valid JWT key found in file: ~s", [Path]);
format_error({bad_jid, Bad}) ->
format("Invalid XMPP address: ~s", [Bad]);
format_error({bad_user, Bad}) ->
%%% Internal functions
%%%----------------------------------------------------------------------
check_jwt_token(User, Server, Token) ->
- JWK = get_jwk(Server),
+ JWK = ejabberd_option:jwt_key(Server),
try jose_jwt:verify(JWK, Token) of
{true, {jose_jwt, Fields}, Signature} ->
?DEBUG("jwt verify: ~p - ~p~n", [Fields, Signature]),
false
end.
-get_jwk(Host) ->
- jose_jwk:from_binary(ejabberd_option:jwt_key(Host)).
-
%% TODO: auth0 username is defined in 'jid' field, but we should
%% allow customizing the name of the field containing the username
%% to adapt to custom claims.
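Review bot: `jose_jwt:verify(JWK, Token)` on the line after the new `JWK = ejabberd_option:jwt_key(Server)` lets the token header pick the signing algorithm, constrained only by the key's type, so an `oct` key accepts any HS* variant and an RSA key any RS*/PS* variant; now that the option is already a parsed JWK, pinning the expected algorithm is a one-line change, `try jose_jwt:verify_strict(JWK, [<<"HS256">>], Token) of` (or the list of algorithms the deployment actually issues). The visible `{true, …}` branch logs every claim and the signature at debug level, and nothing shown between that clause and `end.` checks an `exp` claim; if the elided lines do not check it either, a leaked token stays valid for as long as the key does, which is worth confirming. Several lines of check_jwt_token appear elided between the `{true, …}` clause and `end.`, so the body is only partly visible here.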
include_config_file(Host) ->
ejabberd_config:get_option({include_config_file, Host}).
--spec jwt_key() -> binary().
+-spec jwt_key() -> jose_jwk:key().
jwt_key() ->
jwt_key(global).
--spec jwt_key(global | binary()) -> binary().
+-spec jwt_key(global | binary()) -> jose_jwk:key().
jwt_key(Host) ->
ejabberd_config:get_option({jwt_key, Host}).
econf:file(),
fun(Path) ->
case file:read_file(Path) of
- {ok, Binary} -> Binary;
+ {ok, Data} ->
+ try jose_jwk:from_binary(Data) of
+ {error, _} -> econf:fail({bad_jwt_key, Path});
+ Ret -> Ret
+ catch _:_ ->
+ econf:fail({bad_jwt_key, Path})
+ end;
{error, Reason} ->
econf:fail({read_file, Reason, Path})
end
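Review bot: The new validator discards why the key failed to parse: both the `{error, _}` clause and `catch _:_` collapse every failure into `{bad_jwt_key, Path}`, so an operator with a malformed PEM or JWK learns only the path, and `Ret -> Ret` passes through whatever else `jose_jwk:from_binary/1` returns without checking that it is a single key record (a file holding a JWK Set, if jose returns a list for it, would pass validation and only surface later inside `jose_jwt:verify/2`). I would keep the reason and match the expected shape, which also needs a matching `format_error({bad_jwt_key, Path, Reason})` clause next to the one added in the first hunk; the `jose_jwk` tag below is jose's key record name and should be confirmed against the jose version in use. Note that `econf:file()` only proves the path is readable; for an `oct` (HMAC) secret a world-readable key file deserves a warning as well, though that is outside what this change attempts.
```erlang
{ok, Data} ->
    try jose_jwk:from_binary(Data) of
        {error, Reason} ->
            econf:fail({bad_jwt_key, Path, Reason});
        Key when is_tuple(Key), element(1, Key) =:= jose_jwk ->
            Key;
        Other ->
            econf:fail({bad_jwt_key, Path, {unexpected_key_term, Other}})
    catch Class:Err ->
            econf:fail({bad_jwt_key, Path, {Class, Err}})
    end;
%% … unchanged: {error, Reason} branch of file:read_file/1 …
```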
{shaper, #{atom() => ejabberd_shaper:shaper_rate()}} |
{shaper_rules, [{atom(), [ejabberd_shaper:shaper_rule()]}]} |
{api_permissions, [ejabberd_access_permissions:permission()]} |
- {jwt_key, binary()} |
+ {jwt_key, jose_jwk:key()} |
{append_host_config, [{binary(), any()}]} |
{host_config, [{binary(), any()}]} |
{define_macro, any()} |