From 875ce721254a8c9f849882c644804ac28513598a Mon Sep 17 00:00:00 2001
From: Michael Matloka
Date: Mon, 10 Jun 2024 18:53:24 +0200
Subject: [PATCH] Put scope validation where claims are known

---
 jwt.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/jwt.go b/jwt.go
index ad60818..e9f5054 100644
--- a/jwt.go
+++ b/jwt.go
@@ -38,13 +38,13 @@ func decodeAuthToken(authHeader string) (jwt.MapClaims, error) {
 		return nil, err
 	}
 
-	tokenScope := fmt.Sprint(claims["scope"])
-	if tokenScope != ExpectedScope {
-		return nil, fmt.Errorf("invalid scope")
-	}
-
 	// Check if the token is valid and return the claims.
 	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+		// Validate scope
+		tokenScope := fmt.Sprint(claims["scope"])
+		if tokenScope != ExpectedScope {
+			return nil, fmt.Errorf("invalid scope")
+		}
 		return claims, nil
 	} else {
 		return nil, fmt.Errorf("invalid token")
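Review bot: The added scope check compares `fmt.Sprint(claims["scope"])`, so a missing claim is compared as the string `<nil>` and a list-valued claim as its `%v` rendering; it only fails closed because ExpectedScope presumably never equals those renderings, which is an accident rather than a check. Assert the type explicitly so a missing or non-string claim is rejected on its own terms: `scope, ok := claims["scope"].(string)` followed by `if !ok || scope != ExpectedScope { return nil, fmt.Errorf("invalid scope") }`. Note that this is an exact-match comparison, so an OAuth2-style space-delimited scope string that carries additional scopes is rejected; that is fine if the issuer always emits exactly ExpectedScope, but it deserves a comment such as `// scope must equal ExpectedScope exactly; multi-scope tokens are rejected`. Moving the check inside the `token.Valid` branch does mean claims are only inspected after the signature has been verified, which is the right order. decodeAuthToken starts before this hunk, so the parse call and key function that determine `token.Valid` (including the algorithm check) are not visible here.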