Cloud
Pascal S. de Kloe edited this page Jun 17, 2022
·
4 revisions
Google Cloud publishes its public keys as a JWKS, in which each key carries a key ID (`kid`).
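// GoogleIAPKeys resolves the public keys from the Identity-Aware Proxy.
//
// The JWKS is fetched over HTTPS from a fixed Google-hosted URL and loaded
// into a fresh jwt.KeyRegister. Nothing is cached: every call does a new
// lookup, so the caller decides how often to refresh.
//
// An error is returned when the lookup fails, when the server answers with
// anything other than 200 OK, when the payload cannot be parsed as a JWKS, or
// when the JWKS holds no keys. No register is returned on error.
func GoogleIAPKeys() (*jwt.KeyRegister, error) {
	// Upper bound on the response size, so that a misbehaving endpoint or
	// intermediary cannot make the process buffer an arbitrary amount.
	const maxJWKSSize = 1 << 20

	// NOTE(review): http.Get uses http.DefaultClient, which has no timeout.
	// Long-running services should fetch with a client that sets one.
	resp, err := http.Get("https://www.gstatic.com/iap/verify/public_key-jwk")
	if err != nil {
		return nil, fmt.Errorf("Google Identity-Aware Proxy public key lookup unavailable: %w", err)
	}
	defer resp.Body.Close()

	// An error page must not be mistaken for key material.
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("Google Identity-Aware Proxy public key lookup got HTTP status %q", resp.Status)
	}

	body, err := io.ReadAll(io.LimitReader(resp.Body, maxJWKSSize))
	if err != nil {
		return nil, fmt.Errorf("Google Identity-Aware Proxy public key lookup interrupted: %w", err)
	}

	var keys jwt.KeyRegister
	// Plain assignment: err is already declared above, and ":=" with only the
	// blank identifier as a new name does not compile.
	n, err := keys.LoadJWK(body)
	if err != nil {
		return nil, fmt.Errorf("Google Identity-Aware Proxy public key lookup unusable: %w", err)
	}
	// A register without keys rejects every token; report that here instead
	// of letting it surface later as unexplained verification failures.
	if n == 0 {
		return nil, fmt.Errorf("Google Identity-Aware Proxy public key lookup got no keys")
	}
	return &keys, nil
}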