[verify] Also allow to obtain the certificate (#39)

lhchavez · web-flow · commit d4e8729d8563 · 2025-09-18T22:17:35.000-07:00
Replit identity tokens are really cool because they validate your
identity, but they also come equipped with a certificate (a "signing
authority" in the code).

This code exposes the certificate chain as well as exposing the actual
identity.
diff --git a/verify.go b/verify.go
@@ -372,25 +372,36 @@ type VerifyTokenOpts struct {
 //
 // The optional options allow specifying additional verifications on the identity.
 func VerifyToken(opts VerifyTokenOpts) (*api.GovalReplIdentity, error) {
+	identity, _, err := VerifyTokenWithCertificate(opts)
+	return identity, err
+}
+
+// VerifyTokenWithCertificate verifies that the given `REPL_IDENTITY` value is
+// in fact signed by Goval's chain of authority, and addressed to the provided
+// audience (the `REPL_ID` of the recipient). Returns the identity and the
+// signing authority (a.k.a. the certificate).
+//
+// The options allow specifying additional verifications on the identity.
+func VerifyTokenWithCertificate(opts VerifyTokenOpts) (*api.GovalReplIdentity, *api.GovalSigningAuthority, error) {
 	v, bytes, _, err := verifyChain(opts.Message, opts.GetPubKey)
 	if err != nil {
-		return nil, fmt.Errorf("failed verify message: %w", err)
+		return nil, nil, fmt.Errorf("failed verify message: %w", err)
 	}
 
 	signingAuthority, err := getSigningAuthority(opts.Message)
 	if err != nil {
-		return nil, fmt.Errorf("failed to read body type: %w", err)
+		return nil, nil, fmt.Errorf("failed to read body type: %w", err)
 	}
 
 	var identity api.GovalReplIdentity
 
 	switch signingAuthority.GetVersion() {
 	case api.TokenVersion_BARE_REPL_TOKEN:
-		return nil, errors.New("wrong type of token provided")
+		return nil, nil, errors.New("wrong type of token provided")
 	case api.TokenVersion_TYPE_AWARE_TOKEN:
 		err = proto.Unmarshal(bytes, &identity)
 		if err != nil {
-			return nil, fmt.Errorf("failed to decode body: %w", err)
+			return nil, nil, fmt.Errorf("failed to decode body: %w", err)
 		}
 	}
 
@@ -402,32 +413,32 @@ func VerifyToken(opts VerifyTokenOpts) (*api.GovalReplIdentity, error) {
 		}
 	}
 	if !validAudience {
-		return nil, fmt.Errorf("message identity mismatch. expected %q, got %q", opts.Audience, identity.Aud)
+		return nil, nil, fmt.Errorf("message identity mismatch. expected %q, got %q", opts.Audience, identity.Aud)
 	}
 
 	err = v.checkClaimsAgainstToken(&identity)
 	if err != nil {
-		return nil, fmt.Errorf("claim mismatch: %w", err)
+		return nil, nil, fmt.Errorf("claim mismatch: %w", err)
 	}
 
 	if v.claims != nil {
 		for _, flag := range opts.Flags {
 			if _, ok := v.claims.Flags[flag]; !ok {
-				return nil, fmt.Errorf("token not authorized for flag %s", flag)
+				return nil, nil, fmt.Errorf("token not authorized for flag %s", flag)
 			}
 		}
 	} else if len(opts.Flags) > 0 {
-		return nil, fmt.Errorf("token not authorized for flags")
+		return nil, nil, fmt.Errorf("token not authorized for flags")
 	}
 
 	for _, option := range opts.Options {
 		err = option.verify(&identity)
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 	}
 
-	return &identity, nil
+	return &identity, signingAuthority, nil
 }
 
 type verifyRawClaimsOpts struct {

Original file line number	Diff line number	Diff line change
`@@ -372,25 +372,36 @@ type VerifyTokenOpts struct {`
`372`	`372`	`//`
`373`	`373`	`// The optional options allow specifying additional verifications on the identity.`
`374`	`374`	`func VerifyToken(opts VerifyTokenOpts) (*api.GovalReplIdentity, error) {`
	`375`	`+ identity, _, err := VerifyTokenWithCertificate(opts)`
	`376`	`+ return identity, err`
	`377`	`+}`
	`378`	`+`
	`379`	+// VerifyTokenWithCertificate verifies that the given `REPL_IDENTITY` value is
	`380`	`+// in fact signed by Goval's chain of authority, and addressed to the provided`
	`381`	+// audience (the `REPL_ID` of the recipient). Returns the identity and the
	`382`	`+// signing authority (a.k.a. the certificate).`
	`383`	`+//`
	`384`	`+// The options allow specifying additional verifications on the identity.`
	`385`	`+func VerifyTokenWithCertificate(opts VerifyTokenOpts) (api.GovalReplIdentity, api.GovalSigningAuthority, error) {`
`375`	`386`	`v, bytes, _, err := verifyChain(opts.Message, opts.GetPubKey)`
`376`	`387`	`if err != nil {`
`377`		`- return nil, fmt.Errorf("failed verify message: %w", err)`
	`388`	`+ return nil, nil, fmt.Errorf("failed verify message: %w", err)`
`378`	`389`	`}`
`379`	`390`
`380`	`391`	`signingAuthority, err := getSigningAuthority(opts.Message)`
`381`	`392`	`if err != nil {`
`382`		`- return nil, fmt.Errorf("failed to read body type: %w", err)`
	`393`	`+ return nil, nil, fmt.Errorf("failed to read body type: %w", err)`
`383`	`394`	`}`
`384`	`395`
`385`	`396`	`var identity api.GovalReplIdentity`
`386`	`397`
`387`	`398`	`switch signingAuthority.GetVersion() {`
`388`	`399`	`case api.TokenVersion_BARE_REPL_TOKEN:`
`389`		`- return nil, errors.New("wrong type of token provided")`
	`400`	`+ return nil, nil, errors.New("wrong type of token provided")`
`390`	`401`	`case api.TokenVersion_TYPE_AWARE_TOKEN:`
`391`	`402`	`err = proto.Unmarshal(bytes, &identity)`
`392`	`403`	`if err != nil {`
`393`		`- return nil, fmt.Errorf("failed to decode body: %w", err)`
	`404`	`+ return nil, nil, fmt.Errorf("failed to decode body: %w", err)`
`394`	`405`	`}`
`395`	`406`	`}`
`396`	`407`
`@@ -402,32 +413,32 @@ func VerifyToken(opts VerifyTokenOpts) (*api.GovalReplIdentity, error) {`
`402`	`413`	`}`
`403`	`414`	`}`
`404`	`415`	`if !validAudience {`
`405`		`- return nil, fmt.Errorf("message identity mismatch. expected %q, got %q", opts.Audience, identity.Aud)`
	`416`	`+ return nil, nil, fmt.Errorf("message identity mismatch. expected %q, got %q", opts.Audience, identity.Aud)`
`406`	`417`	`}`
`407`	`418`
`408`	`419`	`err = v.checkClaimsAgainstToken(&identity)`
`409`	`420`	`if err != nil {`
`410`		`- return nil, fmt.Errorf("claim mismatch: %w", err)`
	`421`	`+ return nil, nil, fmt.Errorf("claim mismatch: %w", err)`
`411`	`422`	`}`
`412`	`423`
`413`	`424`	`if v.claims != nil {`
`414`	`425`	`for _, flag := range opts.Flags {`
`415`	`426`	`if _, ok := v.claims.Flags[flag]; !ok {`
`416`		`- return nil, fmt.Errorf("token not authorized for flag %s", flag)`
	`427`	`+ return nil, nil, fmt.Errorf("token not authorized for flag %s", flag)`
`417`	`428`	`}`
`418`	`429`	`}`
`419`	`430`	`} else if len(opts.Flags) > 0 {`
`420`		`- return nil, fmt.Errorf("token not authorized for flags")`
	`431`	`+ return nil, nil, fmt.Errorf("token not authorized for flags")`
`421`	`432`	`}`
`422`	`433`
`423`	`434`	`for _, option := range opts.Options {`
`424`	`435`	`err = option.verify(&identity)`
`425`	`436`	`if err != nil {`
`426`		`- return nil, err`
	`437`	`+ return nil, nil, err`
`427`	`438`	`}`
`428`	`439`	`}`
`429`	`440`
`430`		`- return &identity, nil`
	`441`	`+ return &identity, signingAuthority, nil`
`431`	`442`	`}`
`432`	`443`
`433`	`444`	`type verifyRawClaimsOpts struct {`