auth: Improve JWT claims format

apossiblespace · Sep 6, 2024 · 8c81882 · 8c81882
1 parent 6fdba16
commit 8c81882
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 7 deletions.
diff --git a/dev/test.http b/dev/test.http
@@ -8,8 +8,8 @@ POST http://localhost:3000/api/auth/login
 Content-Type: application/json
 
 {
-  "email": "test9@example.com",
-  "password": "password9"
+  "email": "test2@example.com",
+  "password": "password2"
 }
 
 # Failing login
@@ -23,5 +23,5 @@ Content-Type: application/json
 
 # Get account info
 GET http://localhost:3000/api/account
-Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyLWlkIjoiY2M1YTVkMTYtYjgzYS00OTZkLTk5M2EtOTM2ZjQxOGUxZDNlIiwiZXhwIjoxNzI1NjE4NzIwfQ.NpBrduSxGICyTryLbuDQyOBK9VR4Wg-V23F_kRKrPMI
+Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAvYXBpIiwic3ViIjoiY2M1YTVkMTYtYjgzYS00OTZkLTk5M2EtOTM2ZjQxOGUxZDNlIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwiaWF0IjoxNzI1NjMzODgzLCJleHAiOjE3MjU2Mzc0ODN9.hDjmDNvy2MNwGP6Th0Jl8THSq9bbg6APv4WndbvOBUk
 Content-Type: application/json
diff --git a/src/apossiblespace/parts/account.clj b/src/apossiblespace/parts/account.clj
@@ -20,7 +20,7 @@
   "Retrieve own account info"
   [request]
   (mulog/log ::get-account :request request)
-  (let [user-id (get-in request [:identity :user-id])
+  (let [user-id (get-in request [:identity :sub])
         user-record (fetch-user user-id)]
     (if user-record
       (-> (response/response user-record)

diff --git a/src/apossiblespace/parts/auth.clj b/src/apossiblespace/parts/auth.clj
@@ -32,7 +32,10 @@
   [user-id]
   (let [now (Instant/now)
         exp (.plusSeconds now 3600)
-        claims {:user-id user-id
+        claims {:iss "http://localhost:3000/api" ;; TODO: Set this from configuration?
+                :sub user-id
+                :aud "http://localhost:3000"
+                :iat (.getEpochSecond now)
                 :exp (.getEpochSecond exp)}]
     (jwt/sign claims secret {:alg :hs256})))
 

diff --git a/test/apossiblespace/account_test.clj b/test/apossiblespace/account_test.clj
@@ -11,7 +11,7 @@
 (deftest test-get-account
   (testing "returns currently signed in user's information"
     (let [user (register-test-user)
-          mock-request {:identity {:user-id (:id user)}}
+          mock-request {:identity {:sub (:id user)}}
           response (account/get-account mock-request)]
       (is (= 200 (:status response)))
       (is (= {:email (:email user)

diff --git a/test/apossiblespace/auth_test.clj b/test/apossiblespace/auth_test.clj
@@ -17,7 +17,7 @@
           secret auth/secret
           decoded (jwt/unsign token secret)
           now-seconds (.getEpochSecond (Instant/now))]
-      (is (= user-id (:user-id decoded)))
+      (is (= user-id (:sub decoded)))
       (is (> (:exp decoded) now-seconds))
       (is (< (:exp decoded) (+ now-seconds 3601))))))