in source/aws-connect-vm-serverless/src/service/auth.service.js [66:107]
verifyKey(kid, token, keysUrl) {
return new Promise((resolve, reject) => {
https.get(keysUrl, response => {
if (response.statusCode === 200) {
response.on('data', body => {
let keys = JSON.parse(body)['keys'];
let keyIndex = -1;
for (let i = 0; i < keys.length; i++) {
if (kid === keys[i].kid) {
keyIndex = i;
break;
}
}
if (keyIndex === -1) {
console.error("No public key");
resolve({effect: 'deny', reason: 'No public key', claims: null});
return;
}
jose.JWK.asKey(keys[keyIndex]).then(result => {
jose.JWS.createVerify(result).verify(token).then(result => {
let claims = JSON.parse(result.payload);
let currentTimestamp = Math.floor(new Date() / 1000);
if (currentTimestamp > claims.exp) {
resolve({effect: 'deny', reason: 'Token expired', claims});
return;
}
resolve({effect: 'allow', reason: 'Verified', claims});
}, error => {
reject(error);
});
}, err => {
reject(err);
});
});
} else {
reject(new Error("Key Unverified"));
}
});
});
}