
Commit 3aa3571

committed
Adding helper class for verifying and parsing Clockify signatures and deprecating previous JwtUtils implementation.
1 parent 13dc570 commit 3aa3571

3 files changed

Lines changed: 52 additions & 28 deletions


Lines changed: 39 additions & 0 deletions
@@ -0,0 +1,39 @@
1+
package com.cake.clockify.addonsdk.clockify;
2+
3+
import io.jsonwebtoken.JwtParser;
4+
import io.jsonwebtoken.Jwts;
5+
6+
import java.security.interfaces.RSAPublicKey;
7+
import java.util.Map;
8+
9+
public class ClockifySignatureParser {
10+
public static final String CLAIM_TYPE = "type";
11+
public static final String CLAIM_BACKEND_URL = "backendUrl";
12+
public static final String CLAIM_PTO_URL = "ptoUrl";
13+
public static final String CLAIM_REPORTS_URL = "reportsUrl";
14+
public static final String CLAIM_WORKSPACE_ID = "workspaceId";
15+
public static final String CLAIM_ADDON_ID = "addonId";
16+
public static final String CLAIM_USER_ID = "user";
17+
public static final String CLAIM_WORKSPACE_ROLE = "workspaceRole";
18+
19+
public static final String ISSUER = "clockify";
20+
public static final String ADDON = "addon";
21+
private final JwtParser parser;
22+
23+
/**
24+
* @param addonKey the key declared inside the addon manifest
25+
* @param publicKey the RSA256 public key
26+
*/
27+
public ClockifySignatureParser(String addonKey, RSAPublicKey publicKey) {
28+
this.parser = Jwts.parserBuilder()
29+
.requireIssuer(ISSUER)
30+
.requireSubject(addonKey)
31+
.require(CLAIM_TYPE, ADDON)
32+
.setSigningKey(publicKey)
33+
.build();
34+
}
35+
36+
public Map<String, Object> parseClaims(String token) {
37+
return parser.parseClaimsJws(token).getBody();
38+
}
39+
}
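Review bot: The constructor passes `addonKey` to `requireSubject` without checking it; as far as I know jjwt treats a null expected value as "no requirement", so a null key (for example from a manifest that failed to load) would silently drop the subject check and the parser would accept a validly signed Clockify token issued for a different addon. Fail fast at construction with `Objects.requireNonNull(addonKey, "addonKey");` and `Objects.requireNonNull(publicKey, "publicKey");` (needs `import java.util.Objects;`), and consider rejecting a blank key as well. `parseClaims` also has no Javadoc: it should state that it throws jjwt's `JwtException` when the signature, issuer, subject or type check fails, and that callers must treat any exception as a rejected token. jjwt validates `exp` only when the claim is present, so the Javadoc should also say whether expiry is expected on these tokens.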

addon-sdk/src/main/java/com/cake/clockify/addonsdk/shared/utils/JwtUtils.java

Lines changed: 0 additions & 28 deletions
This file was deleted.

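--- a/readme.md
+++ b/readme.md
@@ -179,6 +179,19 @@ Filter filter = ...; // servlet filter
 clockifyAddon.addFilter(filter);
 ```
 
+### Validating Clockify tokens
+[https://dev-docs.marketplace.cake.com/development-toolkit/authentication-and-authorization/](https://dev-docs.marketplace.cake.com/development-toolkit/authentication-and-authorization/)
+
+ClockifySignatureParser can be used to verify that the received tokens have been signed by Clockify:
+```java
+RSAPublicKey publicKey = ...;
+ClockifySignatureParser parser = new ClockifySignatureParser("{manifest-key}", publicKey);
+
+String token = ...;
+Map<String, Object> claims = parser.parseClaims(token);
+String workspaceId = (String) claims.get(ClockifySignatureParser.CLAIM_WORKSPACE_ID);
+```
+
 ### Serving the addon
 #### Using the embedded jetty server
 ```java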

0 commit comments
