diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index 29c9ce99f492..e4ac3997ea1d 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -194,6 +194,7 @@ The list below covers the major changes between 7.0.0-rc2 and main only. - Make logs for empty and small files less noisy when using fingerprint file identity in filestream. {pull}38421[38421] - Improve robustness and error reporting from packetbeat default route testing. {pull}39757[39757] - Move x-pack/filebeat/input/salesforce jwt import to v5. {pull}39823[39823] +- Drop x-pack/filebeat/input dependency on github.com/lestrrat-go/jwx/v2. {pull}[] ==== Deprecated diff --git a/NOTICE.txt b/NOTICE.txt index 5b934acbd0bc..196783187494 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -20852,38 +20852,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. --------------------------------------------------------------------------------- -Dependency : github.com/lestrrat-go/jwx/v2 -Version: v2.0.21 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/lestrrat-go/jwx/v2@v2.0.21/LICENSE: - -The MIT License (MIT) - -Copyright (c) 2015 lestrrat - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - - -------------------------------------------------------------------------------- Dependency : github.com/lib/pq Version: v1.10.3 @@ -36969,33 +36937,6 @@ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. --------------------------------------------------------------------------------- -Dependency : github.com/decred/dcrd/dcrec/secp256k1/v4 -Version: v4.2.0 -Licence type (autodetected): ISC --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/decred/dcrd/dcrec/secp256k1/v4@v4.2.0/LICENSE: - -ISC License - -Copyright (c) 2013-2017 The btcsuite developers -Copyright (c) 2015-2020 The Decred developers -Copyright (c) 2017 The Lightning Network Developers - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - -------------------------------------------------------------------------------- Dependency : github.com/devigned/tab Version: v0.1.2-0.20190607222403-0c15cf42f9a2 @@ -47384,161 +47325,6 @@ Contents of probable licence file $GOMODCACHE/github.com/kylelemons/godebug@v1.1 limitations under the License. --------------------------------------------------------------------------------- -Dependency : github.com/lestrrat-go/blackmagic -Version: v1.0.2 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/lestrrat-go/blackmagic@v1.0.2/LICENSE: - -MIT License - -Copyright (c) 2021 lestrrat-go - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - --------------------------------------------------------------------------------- -Dependency : github.com/lestrrat-go/httpcc -Version: v1.0.1 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/lestrrat-go/httpcc@v1.0.1/LICENSE: - -MIT License - -Copyright (c) 2020 lestrrat-go - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - --------------------------------------------------------------------------------- -Dependency : github.com/lestrrat-go/httprc -Version: v1.0.5 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/lestrrat-go/httprc@v1.0.5/LICENSE: - -MIT License - -Copyright (c) 2022 lestrrat - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - --------------------------------------------------------------------------------- -Dependency : github.com/lestrrat-go/iter -Version: v1.0.2 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/lestrrat-go/iter@v1.0.2/LICENSE: - -MIT License - -Copyright (c) 2020 lestrrat-go - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - --------------------------------------------------------------------------------- -Dependency : github.com/lestrrat-go/option -Version: v1.0.1 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/lestrrat-go/option@v1.0.1/LICENSE: - -MIT License - -Copyright (c) 2021 lestrrat-go - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - -------------------------------------------------------------------------------- Dependency : github.com/lufia/plan9stats Version: v0.0.0-20211012122336-39d0f177ccd0 @@ -51468,37 +51254,6 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --------------------------------------------------------------------------------- -Dependency : github.com/segmentio/asm -Version: v1.2.0 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/segmentio/asm@v1.2.0/LICENSE: - -MIT License - -Copyright (c) 2021 Segment - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - -------------------------------------------------------------------------------- Dependency : github.com/sergi/go-diff Version: v1.3.1 diff --git a/go.mod b/go.mod index b75f46682840..d16c84e7ecca 100644 --- a/go.mod +++ b/go.mod @@ -221,7 +221,6 @@ require ( github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.5.0 github.com/icholy/digest v0.1.22 - github.com/lestrrat-go/jwx/v2 v2.0.21 github.com/otiai10/copy v1.12.0 github.com/pierrec/lz4/v4 v4.1.18 github.com/pkg/xattr v0.4.9 @@ -279,7 +278,6 @@ require ( github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect github.com/dgraph-io/ristretto v0.1.0 // indirect github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect github.com/dnephin/pflag v1.0.7 // indirect @@ -338,11 +336,6 @@ require ( github.com/klauspost/cpuid/v2 v2.2.5 // indirect github.com/kortschak/utter v1.5.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect - github.com/lestrrat-go/blackmagic v1.0.2 // indirect - github.com/lestrrat-go/httpcc v1.0.1 // indirect - github.com/lestrrat-go/httprc v1.0.5 // indirect - github.com/lestrrat-go/iter v1.0.2 // indirect - github.com/lestrrat-go/option v1.0.1 // indirect github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/markbates/pkger v0.17.1 // indirect @@ -367,7 +360,6 @@ require ( github.com/prometheus/client_golang v1.11.1 // indirect github.com/rootless-containers/rootlesskit v1.1.0 // indirect github.com/sanathkr/go-yaml v0.0.0-20170819195128-ed9d249f429b // indirect - github.com/segmentio/asm v1.2.0 // indirect github.com/sergi/go-diff v1.3.1 // indirect github.com/shirou/gopsutil v3.21.11+incompatible // indirect github.com/sirupsen/logrus v1.9.3 // indirect diff --git a/go.sum b/go.sum index c8ab3a92c556..be450acbc91d 100644 --- a/go.sum +++ b/go.sum @@ -473,8 +473,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-xdr v0.0.0-20161123171359-e6a2ba005892 h1:qg9VbHo1TlL0KDM0vYvBG9EY0X0Yku5WYIPoFWt8f6o= github.com/davecgh/go-xdr v0.0.0-20161123171359-e6a2ba005892/go.mod h1:CTDl0pzVzE5DEzZhPfvhY/9sPFMQIxaJ9VAMs9AagrE= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/denisenkom/go-mssqldb v0.12.3 h1:pBSGx9Tq67pBOTLmxNuirNTeB8Vjmf886Kx+8Y+8shw= github.com/denisenkom/go-mssqldb v0.12.3/go.mod h1:k0mtMFOnU+AihqFxPMiF05rtiDrorD1Vrm1KEz5hxDo= @@ -1233,18 +1231,6 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20160406211939-eadb3ce320cb/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k= -github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= -github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= -github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= -github.com/lestrrat-go/httprc v1.0.5 h1:bsTfiH8xaKOJPrg1R+E3iE/AWZr/x0Phj9PBTG/OLUk= -github.com/lestrrat-go/httprc v1.0.5/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= -github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= -github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.0.21 h1:jAPKupy4uHgrHFEdjVjNkUgoBKtVDgrQPB/h55FHrR0= -github.com/lestrrat-go/jwx/v2 v2.0.21/go.mod h1:09mLW8zto6bWL9GbwnqAli+ArLf+5M33QLQPDggkUWM= -github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= -github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.3 h1:v9QZf2Sn6AmjXtQeFpdoq/eaNtYP6IN+7lcrygsIAtg= @@ -1561,8 +1547,6 @@ github.com/satori/go.uuid v0.0.0-20160603004225-b111a074d5ef/go.mod h1:dA0hQrYB0 github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20210223165440-c65ae3540d44/go.mod h1:CJJ5VAbozOl0yEw7nHB9+7BXTJbIn6h7W+f6Gau5IP8= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= -github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/segmentio/kafka-go v0.1.0/go.mod h1:X6itGqS9L4jDletMsxZ7Dz+JFWxM6JHfPOCvTvk+EJo= github.com/segmentio/kafka-go v0.2.0/go.mod h1:X6itGqS9L4jDletMsxZ7Dz+JFWxM6JHfPOCvTvk+EJo= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= diff --git a/x-pack/filebeat/input/cel/config_okta_auth.go b/x-pack/filebeat/input/cel/config_okta_auth.go index 0f18b12e66ce..5521d6ab8e61 100644 --- a/x-pack/filebeat/input/cel/config_okta_auth.go +++ b/x-pack/filebeat/input/cel/config_okta_auth.go @@ -21,8 +21,7 @@ import ( "sync" "time" - "github.com/lestrrat-go/jwx/v2/jwa" - "github.com/lestrrat-go/jwx/v2/jwt" + "github.com/golang-jwt/jwt/v5" "golang.org/x/oauth2" "golang.org/x/oauth2/clientcredentials" ) @@ -183,20 +182,17 @@ func pemPKCS8PrivateKey(pemdata []byte) (any, error) { // private key. func signJWT(cnf *oauth2.Config, key any) (string, error) { now := time.Now() - tok, err := jwt.NewBuilder().Audience([]string{cnf.Endpoint.TokenURL}). - Issuer(cnf.ClientID). - Subject(cnf.ClientID). - IssuedAt(now). - Expiration(now.Add(time.Hour)). - Build() - if err != nil { - return "", fmt.Errorf("failed to create token: %w", err) - } - signedToken, err := jwt.Sign(tok, jwt.WithKey(jwa.RS256, key)) + signed, err := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.RegisteredClaims{ + Audience: []string{cnf.Endpoint.TokenURL}, + Issuer: cnf.ClientID, + Subject: cnf.ClientID, + IssuedAt: jwt.NewNumericDate(now), + ExpiresAt: jwt.NewNumericDate(now.Add(time.Hour)), + }).SignedString(key) if err != nil { return "", fmt.Errorf("failed to sign token: %w", err) } - return string(signedToken), nil + return signed, nil } // exchangeForBearerToken exchanges the Okta JWT for a bearer token. diff --git a/x-pack/filebeat/input/cel/config_okta_auth_test.go b/x-pack/filebeat/input/cel/config_okta_auth_test.go index fc02a2ec9e79..03a6387bab74 100644 --- a/x-pack/filebeat/input/cel/config_okta_auth_test.go +++ b/x-pack/filebeat/input/cel/config_okta_auth_test.go @@ -7,7 +7,7 @@ package cel import ( "testing" - "github.com/lestrrat-go/jwx/v2/jwt" + "github.com/golang-jwt/jwt/v5" "golang.org/x/oauth2" ) @@ -22,16 +22,7 @@ func TestGenerateOktaJWT(t *testing.T) { if err != nil { t.Fatalf("unexpected error: %v", err) } - tok, err := jwt.Parse([]byte(got), jwt.WithVerify(false)) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if tok.Issuer() != cnf.ClientID { - t.Errorf("unexpected issuer: got:%s want:%s", tok.Issuer(), cnf.ClientID) - } - if tok.Subject() != cnf.ClientID { - t.Errorf("unexpected subject: got:%s want:%s", tok.Subject(), cnf.ClientID) - } + checkToken(t, got, cnf) } func TestGenerateOktaJWTPEM(t *testing.T) { @@ -75,14 +66,30 @@ LNV/bIgMHOMoxiGrwyjAhg== if err != nil { t.Fatalf("unexpected error: %v", err) } - tok, err := jwt.Parse([]byte(got), jwt.WithVerify(false)) + checkToken(t, got, cnf) +} + +func checkToken(t *testing.T, text string, cnf *oauth2.Config) { + t.Helper() + + var p jwt.Parser + tok, _, err := p.ParseUnverified(text, jwt.MapClaims{}) if err != nil { t.Fatalf("unexpected error: %v", err) } - if tok.Issuer() != cnf.ClientID { - t.Errorf("unexpected issuer: got:%s want:%s", tok.Issuer(), cnf.ClientID) + gotIssuer, err := tok.Claims.GetIssuer() + if err != nil { + t.Fatalf("unexpected error calling GetIssuer(): %v", err) + } + if gotIssuer != cnf.ClientID { + t.Errorf("unexpected issuer: got:%s want:%s", gotIssuer, cnf.ClientID) } - if tok.Subject() != cnf.ClientID { - t.Errorf("unexpected subject: got:%s want:%s", tok.Subject(), cnf.ClientID) + gotSubject, err := tok.Claims.GetSubject() + if err != nil { + t.Fatalf("unexpected error calling GetSubject(): %v", err) + } + if gotSubject != cnf.ClientID { + t.Errorf("unexpected issuer: got:%s want:%s", gotSubject, cnf.ClientID) } + } diff --git a/x-pack/filebeat/input/httpjson/config_okta_auth.go b/x-pack/filebeat/input/httpjson/config_okta_auth.go index 8d2a8415c2e7..918d8d2d7ac5 100644 --- a/x-pack/filebeat/input/httpjson/config_okta_auth.go +++ b/x-pack/filebeat/input/httpjson/config_okta_auth.go @@ -21,8 +21,7 @@ import ( "sync" "time" - "github.com/lestrrat-go/jwx/v2/jwa" - "github.com/lestrrat-go/jwx/v2/jwt" + "github.com/golang-jwt/jwt/v5" "golang.org/x/oauth2" "golang.org/x/oauth2/clientcredentials" ) @@ -180,20 +179,17 @@ func pemPKCS8PrivateKey(pemdata []byte) (any, error) { // signJWT creates a JWT token using required claims and sign it with the private key. func signJWT(cnf *oauth2.Config, key any) (string, error) { now := time.Now() - tok, err := jwt.NewBuilder().Audience([]string{cnf.Endpoint.TokenURL}). - Issuer(cnf.ClientID). - Subject(cnf.ClientID). - IssuedAt(now). - Expiration(now.Add(time.Hour)). - Build() - if err != nil { - return "", fmt.Errorf("failed to create token: %w", err) - } - signedToken, err := jwt.Sign(tok, jwt.WithKey(jwa.RS256, key)) + signed, err := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.RegisteredClaims{ + Audience: []string{cnf.Endpoint.TokenURL}, + Issuer: cnf.ClientID, + Subject: cnf.ClientID, + IssuedAt: jwt.NewNumericDate(now), + ExpiresAt: jwt.NewNumericDate(now.Add(time.Hour)), + }).SignedString(key) if err != nil { return "", fmt.Errorf("failed to sign token: %w", err) } - return string(signedToken), nil + return signed, nil } // exchangeForBearerToken exchanges the Okta JWT for a bearer token. diff --git a/x-pack/filebeat/input/httpjson/config_okta_auth_test.go b/x-pack/filebeat/input/httpjson/config_okta_auth_test.go index 2f686af04373..276defa0f308 100644 --- a/x-pack/filebeat/input/httpjson/config_okta_auth_test.go +++ b/x-pack/filebeat/input/httpjson/config_okta_auth_test.go @@ -7,7 +7,7 @@ package httpjson import ( "testing" - "github.com/lestrrat-go/jwx/v2/jwt" + "github.com/golang-jwt/jwt/v5" "golang.org/x/oauth2" ) @@ -22,16 +22,7 @@ func TestGenerateOktaJWT(t *testing.T) { if err != nil { t.Fatalf("unexpected error: %v", err) } - tok, err := jwt.Parse([]byte(got), jwt.WithVerify(false)) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - if tok.Issuer() != cnf.ClientID { - t.Errorf("unexpected issuer: got:%s want:%s", tok.Issuer(), cnf.ClientID) - } - if tok.Subject() != cnf.ClientID { - t.Errorf("unexpected subject: got:%s want:%s", tok.Subject(), cnf.ClientID) - } + checkToken(t, got, cnf) } func TestGenerateOktaJWTPEM(t *testing.T) { @@ -75,14 +66,30 @@ LNV/bIgMHOMoxiGrwyjAhg== if err != nil { t.Fatalf("unexpected error: %v", err) } - tok, err := jwt.Parse([]byte(got), jwt.WithVerify(false)) + checkToken(t, got, cnf) +} + +func checkToken(t *testing.T, text string, cnf *oauth2.Config) { + t.Helper() + + var p jwt.Parser + tok, _, err := p.ParseUnverified(text, jwt.MapClaims{}) if err != nil { t.Fatalf("unexpected error: %v", err) } - if tok.Issuer() != cnf.ClientID { - t.Errorf("unexpected issuer: got:%s want:%s", tok.Issuer(), cnf.ClientID) + gotIssuer, err := tok.Claims.GetIssuer() + if err != nil { + t.Fatalf("unexpected error calling GetIssuer(): %v", err) + } + if gotIssuer != cnf.ClientID { + t.Errorf("unexpected issuer: got:%s want:%s", gotIssuer, cnf.ClientID) } - if tok.Subject() != cnf.ClientID { - t.Errorf("unexpected subject: got:%s want:%s", tok.Subject(), cnf.ClientID) + gotSubject, err := tok.Claims.GetSubject() + if err != nil { + t.Fatalf("unexpected error calling GetSubject(): %v", err) + } + if gotSubject != cnf.ClientID { + t.Errorf("unexpected issuer: got:%s want:%s", gotSubject, cnf.ClientID) } + }