diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 895048d..f21eba0 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,9 +4,7 @@
-
-
-
+
diff --git a/pkg/internal/services/jwt.go b/pkg/internal/services/jwt.go
index a198b2f..0a3ebd7 100644
--- a/pkg/internal/services/jwt.go
+++ b/pkg/internal/services/jwt.go
@@ -11,8 +11,9 @@ import (
type PayloadClaims struct {
jwt.RegisteredClaims
- SessionID string `json:"sed"`
- Type string `json:"typ"`
+ AuthorizedParties string `json:"azp,omitempty"`
+ SessionID string `json:"sed"`
+ Type string `json:"typ"`
}
const (
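Review bot: The new `AuthorizedParties` field carries the `azp` claim, which in OIDC Core is a single string naming the one party the token was issued to, so the plural name reads as if a list were stored and the field has no doc comment explaining what goes into it. I would add `// AuthorizedParties is the OIDC "azp" claim: the single non-internal audience the token was issued for; omitted when empty.` above the field, or rename it to `AuthorizedParty` if the type is not yet used elsewhere. The `omitempty` tag means a token whose audiences are all internal will simply lack the claim, which verifiers reading `azp` need to tolerate; that is worth stating in the same comment.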
@@ -21,8 +22,16 @@ const (
)
func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (string, error) {
+ var azp string
+ for _, item := range aud {
+ if item != InternalTokenAudience {
+ azp = item
+ break
+ }
+ }
+
tk := jwt.NewWithClaims(jwt.SigningMethodHS512, PayloadClaims{
- jwt.RegisteredClaims{
+ RegisteredClaims: jwt.RegisteredClaims{
Subject: sub,
Audience: aud,
Issuer: fmt.Sprintf("https://%s", viper.GetString("domain")),
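Review bot: The loop at the top of EncodeJwt silently promotes the first audience that is not `InternalTokenAudience` to `azp`; when `aud` contains several external audiences the remaining ones are dropped without any record, and when it contains none `azp` stays empty and is omitted from the token. Since the value is taken from the `aud` slice the caller passes rather than from anything the function verifies, consumers should not treat `azp` as stronger evidence of the requesting client than `aud` itself. I would document the rule at the loop, `// azp: first audience other than the internal one; empty (omitted) when no external audience was requested`, and, if the API is meant to carry exactly one external audience, return an error when more than one is present instead of keeping the first. EncodeJwt continues into the next hunk and its closing brace lies outside this diff.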
@@ -31,8 +40,9 @@ func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (st
IssuedAt: jwt.NewNumericDate(time.Now()),
ID: id,
},
- sed,
- typ,
+ AuthorizedParties: azp,
+ SessionID: sed,
+ Type: typ,
})
return tk.SignedString([]byte(viper.GetString("secret")))
diff --git a/pkg/internal/services/ticket.go b/pkg/internal/services/ticket.go
index 796d256..beb6ce4 100644
--- a/pkg/internal/services/ticket.go
+++ b/pkg/internal/services/ticket.go
@@ -11,6 +11,8 @@ import (
"github.com/samber/lo"
)
+const InternalTokenAudience = "passport"
+
func DetectRisk(user models.Account, ip, ua string) bool {
var clue int64
if err := database.C.
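Review bot: `InternalTokenAudience` is a new exported constant with no doc comment, and because jwt.go's EncodeJwt now uses it to decide which audience is excluded from `azp`, a reader of either file needs to know its meaning. I would add `// InternalTokenAudience is the aud value reserved for tokens this service issues to itself; EncodeJwt never reports it as the azp claim.` above the declaration. Placing it in ticket.go while its main consumer is jwt.go also makes the dependency easy to miss; moving it next to PayloadClaims would keep the token vocabulary in one place.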
@@ -41,7 +43,7 @@ func NewTicket(user models.Account, ip, ua string) (models.AuthTicket, error) {
ticket = models.AuthTicket{
Claims: []string{"*"},
- Audiences: []string{"passport"},
+ Audiences: []string{InternalTokenAudience},
IpAddress: ip,
UserAgent: ua,
RequireMFA: requireMFA,