jwt: Simplify JWT parsing (#8802)

JWT parsing is simplified by using a custom claim data structure such as MapClaims{}, also writes a custom Unmarshaller for faster unmarshalling. - Avoid as much reflections as possible - Provide the right types for functions as much as possible - Avoid strings.Join, strings.Split to reduce allocations, rely on indexes directly.
2025-11-07 21:02:58 -05:00 · 2020-01-31 08:29:22 +05:30
parent 9990464cd5
commit bfe8a9bccc
11 changed files with 799 additions and 252 deletions
--- a/cmd/rest/client.go
+++ b/cmd/rest/client.go
@@ -47,7 +47,7 @@ type Client struct {
 	httpClient          *http.Client
 	httpIdleConnsCloser func()
 	url                 *url.URL
-	newAuthToken        func() string
+	newAuthToken        func(audience string) string
 }

 // URL query separator constants
@@ -62,7 +62,7 @@ func (c *Client) CallWithContext(ctx context.Context, method string, values url.
 		return nil, &NetworkError{err}
 	}
 	req = req.WithContext(ctx)
-	req.Header.Set("Authorization", "Bearer "+c.newAuthToken())
+	req.Header.Set("Authorization", "Bearer "+c.newAuthToken(req.URL.Query().Encode()))
 	req.Header.Set("X-Minio-Time", time.Now().UTC().Format(time.RFC3339))
 	if length > 0 {
 		req.ContentLength = length
@@ -102,7 +102,7 @@ func (c *Client) Close() {
 }

 // NewClient - returns new REST client.
-func NewClient(url *url.URL, newCustomTransport func() *http.Transport, newAuthToken func() string) (*Client, error) {
+func NewClient(url *url.URL, newCustomTransport func() *http.Transport, newAuthToken func(aud string) string) (*Client, error) {
 	// Transport is exactly same as Go default in https://golang.org/pkg/net/http/#RoundTripper
 	// except custom DialContext and TLSClientConfig.
 	tr := newCustomTransport()