jwt_io: parse header for key id

rrooij · rrooij · commit 991e9fcdc1ba · 2020-04-07T14:10:25.000+02:00
The key id should not be in the body, but in the header.
This is also the default case for auth0.
diff --git a/prolog/jwt_io.pl b/prolog/jwt_io.pl
@@ -26,7 +26,7 @@
   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-:- module(jwt_io, [jwt_encode/3, jwt_decode/3]).
+:- module(jwt_io, [jwt_encode/3, jwt_decode/3, jwt_decode_head/2]).
 /** <module> Json Web Tokens implementation
 
 Generates and verifies Json Web Tokens.
@@ -126,18 +126,22 @@
 % @arg Options options
 %
 jwt_decode(Data, Payload, Options) :-
-  jwt_decode_from_string(Data, PayloadFirst, _, ''),
-  atom_json_dict(PayloadFirst, PayloadDict, [as(string)]),
-  atom_string(Kid, PayloadDict.kid),
+  jwt_decode_head(Data, PayloadFirst),
+  atom_json_dict(PayloadFirst, PayloadHeader, [as(string)]),
+  atom_string(Kid, PayloadHeader.kid),
   get_key_from_settings(Kid, KeyDict),
   jwt_decode_from_string(Data, Payload, KeyDict),
+  atom_json_dict(Payload, PayloadDict, [as(string)]),
   jwt_jti_valid(PayloadDict),
   jwt_exp_valid(PayloadDict),
   jwt_nbf_valid(PayloadDict),
   jwt_iss_valid(PayloadDict, Options),
   jwt_aud_valid(PayloadDict, Options),
   jwt_iat_valid(PayloadDict).
 
+jwt_decode_head(Data, Payload) :-
+  jwt_parse_head(Data, Payload).
+
 get_jti(Jti) :-
   setting(jti_generator, Generator),
   call(Generator, Jti).
diff --git a/src/jwt_io.c b/src/jwt_io.c
@@ -38,6 +38,25 @@ pl_jwt_encode(term_t in, term_t out, term_t key_term, term_t algorithm)
 	return rval;
 }
 
+static		foreign_t
+pl_jwt_parse_head(term_t in, term_t head_term) {
+    char        *input, *head_payload;
+    jwt_t       *jwt;
+    int		jwt_result;
+    get_pl_arg_str("jwt_encode_from_string/4", "in", in, &input);
+
+    jwt_result = jwt_decode(&jwt, input, NULL, 0);
+    if (!jwt_result) {
+        head_payload = jwt_get_headers_json(jwt, NULL);
+        (void) PL_unify_atom_chars(head_term, head_payload);
+        jwt_free(jwt);
+        PL_succeed;
+    }
+    else {
+        PL_fail;
+    }
+}
+
 static		foreign_t
 pl_jwt_decode(term_t in, term_t out_payload, term_t out_algorithm, term_t in_key)
 {
@@ -69,6 +88,7 @@ pl_jwt_decode(term_t in, term_t out_payload, term_t out_algorithm, term_t in_key
 install_t
 install(void)
 {
+	PL_register_foreign("jwt_parse_head", 2, pl_jwt_parse_head, 0);
 	PL_register_foreign("jwt_encode_from_string", 4, pl_jwt_encode, 0);
 	PL_register_foreign("jwt_decode_from_string", 4, pl_jwt_decode, 0);
 }
