Preserve JWT claims in verify/2 (#22)

src/uac_authorizer_jwt.erl

@@ -287,24 +287,27 @@ verify(KID, Alg, ExpandedToken, VerificationOpts) ->
 verify_with_key(JWK, ExpandedToken, VerificationOpts, Metadata) ->
     case jose_jwt:verify(JWK, ExpandedToken) of
         {true, #jose_jwt{fields = Claims}, _JWS} ->
-            {KeyMeta, Claims1} = validate_claims(Claims, VerificationOpts),
+            _ = validate_claims(Claims, VerificationOpts),
-            get_result(KeyMeta, Claims1, VerificationOpts, Metadata);
+            get_result(Claims, VerificationOpts, Metadata);
         {false, _JWT, _JWS} ->
             {error, invalid_signature}
     end.
 
 validate_claims(Claims, VerificationOpts) ->
-    validate_claims(Claims, get_validators(), VerificationOpts, #{}).
+    validate_claims(Claims, get_validators(), VerificationOpts).
 
-validate_claims(Claims, [{Name, Claim, Validator} | Rest], VerificationOpts, Acc) ->
+validate_claims(Claims, [{Name, Claim, Validator} | Rest], VerificationOpts) ->
-    V = Validator(Name, maps:get(Claim, Claims, undefined), VerificationOpts),
+    _ = Validator(Name, maps:get(Claim, Claims, undefined), VerificationOpts),
-    validate_claims(maps:without([Claim], Claims), Rest, VerificationOpts, Acc#{Name => V});
+    validate_claims(Claims, Rest, VerificationOpts);
-validate_claims(Claims, [], _, Acc) ->
+validate_claims(Claims, [], _) ->
-    {Acc, Claims}.
+    Claims.
 
-get_result(KeyMeta, Claims, VerificationOpts, Metadata) ->
+get_result(Claims, VerificationOpts, Metadata) ->
-    #{token_id := TokenID, subject_id := SubjectID} = KeyMeta,
     try
+        #{
+            ?CLAIM_TOKEN_ID := TokenID,
+            ?CLAIM_SUBJECT_ID := SubjectID
+        } = Claims,
         {ok, {TokenID, SubjectID, decode_roles(Claims, VerificationOpts), Metadata}}
     catch
         error:{badarg, _} = Reason ->

test/uac_tests_SUITE.erl

@@ -134,7 +134,8 @@ no_token_test(_) ->
 force_expiration_test(_) ->
     {ok, Token} = issue_token(?TEST_SERVICE_ACL(write), 1),
     {ok, AccessContext} = uac:authorize_api_key(<<"Bearer ", Token/binary>>, #{}),
-    ok = uac:authorize_operation(?TEST_SERVICE_ACL(write), AccessContext).
+    ok = uac:authorize_operation(?TEST_SERVICE_ACL(write), AccessContext),
+    1 = uac_authorizer_jwt:get_expires_at(AccessContext).
 
 -spec force_expiration_fail_test(config()) -> _.
 force_expiration_fail_test(_) ->
@@ -206,15 +207,15 @@ configure_processed_domains_test(_) ->
 
 %%
 
-issue_token(DomainRoles, LifeTime) when is_map(DomainRoles) ->
+issue_token(DomainRoles, Expiration) when is_map(DomainRoles) ->
     PartyID = <<"TEST">>,
     Claims0 = #{<<"TEST">> => <<"TEST">>},
-    Claims = uac_authorizer_jwt:create_claims(Claims0, LifeTime, DomainRoles),
+    Claims = uac_authorizer_jwt:create_claims(Claims0, Expiration, DomainRoles),
     uac_authorizer_jwt:issue(unique_id(), PartyID, Claims, test);
-issue_token(ACL, LifeTime) ->
+issue_token(ACL, Expiration) ->
     PartyID = <<"TEST">>,
     Claims0 = #{<<"TEST">> => <<"TEST">>},
-    Claims = uac_authorizer_jwt:create_claims(Claims0, LifeTime, #{?TEST_DOMAIN_NAME => uac_acl:from_list(ACL)}),
+    Claims = uac_authorizer_jwt:create_claims(Claims0, Expiration, #{?TEST_DOMAIN_NAME => uac_acl:from_list(ACL)}),
     uac_authorizer_jwt:issue(unique_id(), PartyID, Claims, test).
 
 issue_dummy_token(ACL, Config) ->