Fix oidc implementation, add more extensive tests.

src/oidc_auth.ts

@@ -7,16 +7,36 @@ import { TextDecoder } from 'util';
 import { Authenticator } from './auth';
 import { User } from './config_types';
 
+interface JwtObj {
+    header: any;
+    payload: any;
+    signature: string;
+}
+
 export class OpenIDConnectAuth implements Authenticator {
-    public static expirationFromToken(token: string): number {
+    public static decodeJWT(token: string): JwtObj | null {
         const parts = token.split('.');
         if (parts.length !== 3) {
-            return 0;
+            return null;
         }
 
-        const payload = base64url.parse(parts[1]);
-        const claims = JSON.parse(new TextDecoder().decode(payload));
-        return claims.exp;
+        const header = JSON.parse(new TextDecoder().decode(base64url.parse(parts[0], { loose: true })));
+        const payload = JSON.parse(new TextDecoder().decode(base64url.parse(parts[1], { loose: true })));
+        const signature = parts[2];
+
+        return {
+            header,
+            payload,
+            signature,
+        };
+    }
+
+    public static expirationFromToken(token: string): number {
+        const jwt = OpenIDConnectAuth.decodeJWT(token);
+        if (!jwt) {
+            return 0;
+        }
+        return jwt.payload.exp;
     }
 
     // public for testing purposes.

src/oidc_auth_test.ts

@@ -20,6 +20,13 @@ describe('OIDCAuth', () => {
         auth = new OpenIDConnectAuth();
     });
 
+    it('should correctly parse a JWT', () => {
+        const jwt = OpenIDConnectAuth.decodeJWT(
+            'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.5mhBHqs5_DTLdINd9p5m7ZJ6XD0Xc55kIaCRY5r6HRA',
+        );
+        expect(jwt).to.not.be.null;
+    });
+
     it('should correctly parse time from token', () => {
         const time = Math.floor(Date.now() / 1000);
         const token = makeJWT('{}', { exp: time }, 'fake');