aricart authored and neilalexander committed Jun 19, 2024
1 parent 9003639 commit 1837a3b
Showing 2 changed files with 7 additions and 8 deletions.
10 changes: 5 additions & 5 deletions server/accounts.go
@@ -3595,8 +3595,8 @@ func (s *Server) updateAccountClaimsWithRefresh(a *Account, ac *jwt.AccountClaim
c.applyAccountLimits()
// if we have an nkey user we are a callout user - save
// the issuedAt, and nkey user id to honor revocations
nkeyUserID := ""
issuedAt := int64(0)
var nkeyUserID string
var issuedAt int64
if c.user != nil {
issuedAt = c.user.Issued
nkeyUserID = c.user.Nkey
@@ -3620,13 +3620,13 @@ func (s *Server) updateAccountClaimsWithRefresh(a *Account, ac *jwt.AccountClaim
}
}

// if we extracted nkeyUserID and issuedAt we are a callout user
// calloutIAT should only be set if we are in callout type scenario
// if we extracted nkeyUserID and issuedAt we are a callout type
// calloutIAT should only be set if we are in callout scenario as
// the user JWT is _NOT_ associated with the client for callouts,
// so we rely on the calloutIAT to know when the JWT was issued
// revocations simply state that JWT issued before or by that date
// are not valid
if ac.Revocations != nil && nkeyUserID != "" && issuedAt > 0 {
if ac.Revocations != nil && nkeyUserID != _EMPTY_ && issuedAt > 0 {
seconds, ok := ac.Revocations[jwt.All]
if ok && seconds >= issuedAt {
c.sendErrAndDebug("User Authentication Revoked")
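Review bot: The guard `if ac.Revocations != nil && nkeyUserID != _EMPTY_ && issuedAt > 0` fails open when a client has an nkey user but `c.user.Issued` is zero: the whole block, including the `jwt.All` comparison, is skipped and no "User Authentication Revoked" error is sent. Whether a callout user can reach this point with a zero `Issued` is not visible in these hunks, so the invariant should be stated next to the guard, for example `// Issued == 0 skips revocation entirely; the callout path must always copy iat into NkeyUser.Issued`. The same assumption applies to the `Issued` field of `NkeyUser` in server/auth.go, whose comment only says it is a copy of iat. The rewritten comment also refers to `calloutIAT` while the variable in this function is `issuedAt`; using one name would make the comment easier to check against the code. The body of updateAccountClaimsWithRefresh starts and ends outside the hunks shown.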
5 changes: 2 additions & 3 deletions server/auth.go
@@ -59,9 +59,8 @@ type ClientAuthentication interface {

// NkeyUser is for multiple nkey based users
type NkeyUser struct {
Nkey string `json:"user"`
// this is a copy of the issued at (iat) field in the jwt
Issued int64 `json:"issued,omitempty"`
Nkey string `json:"user"`
Issued int64 `json:"issued,omitempty"` // this is a copy of the issued at (iat) field in the jwt
Permissions *Permissions `json:"permissions,omitempty"`
Account *Account `json:"account,omitempty"`
SigningKey string `json:"signing_key,omitempty"`
