Return session token if JWT is expired

3df5f6c6 · Jano Hendriks · 6c47a19e · 3df5f6c6
Commit 3df5f6c6 authored 2 years ago by Jano Hendriks
--- a/auth/session.go
+++ b/auth/session.go
@@ -51,17 +51,19 @@ func GetSignedSessionTokenString(request events.APIGatewayProxyRequest, secretKe

 // ValidateJWTWithSessionTokens attempts to validate the JWT string by signing each session token using the secret, and
 // using the resulting signed session token to validate the JWT. If the JWT can be validated using a session token, the
-// JsonWebToken is returned, otherwise nil is returned.
-func ValidateJWTWithSessionTokens(jsonWebTokenString string, secretKey string, sessionTokens []string) *JsonWebToken {
+// JsonWebToken is returned, otherwise nil is returned. If the JWT is expired, nil is returned along with the session token.
+func ValidateJWTWithSessionTokens(jsonWebTokenString string, secretKey string, sessionTokens []string) (validJsonWebToken *JsonWebToken, expiredSessionToken *string) {
 	// Test each session token to find one that is valid
 	for _, sessionToken := range sessionTokens {
 		jsonWebToken, err := ValidateJWTWithSessionToken(jsonWebTokenString, secretKey, sessionToken)
 		if err == nil {
-			return &jsonWebToken
+			return &jsonWebToken, nil
+		} else if err.Error() == "token has expired" {
+			return nil, &sessionToken
 		}
 	}

-	return nil
+	return nil, nil
 }

 // FindAndRemoveCurrentSessionToken attempts to validate the JWT string by signing each session token using the secret,