diff --git a/sso.go b/sso.go
index 13e600143bd5cb56dcfa45a1c3c0e6592c75ab26..37c5832ed917999f8c86beabdae303c5841cfca6 100644
--- a/sso.go
+++ b/sso.go
@@ -270,3 +270,21 @@ func (v *ssoValidator) Validate(encoded, nonce, service string, allowedGroups []
 return t, nil
 }
+
+// InspectTicket reads a ticket without validating it (beyond syntax),
+// returning user and service. The results are untrusted.
+func InspectTicket(encoded string) (string, string, error) {
+ decoded, err := base64.RawURLEncoding.DecodeString(encoded)
+ if err != nil {
+ return "", "", err
+ }
+ if len(decoded) < signatureLen {
+ return "", "", ErrMessageTooShort
+ }
+ serialized := decoded[signatureLen:]
+ t, err := deserializeTicket(string(serialized))
+ if err != nil {
+ return "", "", err
+ }
+ return t.User, t.Service, nil
+}
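Review bot: InspectTicket is exported and returns `t.User` and `t.Service` from a ticket whose signature bytes are skipped (`decoded[signatureLen:]`) and never checked, so both values are whatever the sender chose, and the short "results are untrusted" remark is easy to miss from a call site. I would state the contract explicitly in the doc comment, for example `// The signature is NOT verified: never use the returned values for authentication or authorization decisions; use Validate for that.`, and add that the strings should be escaped or length-limited before being logged or displayed. Separately, `len(decoded) < signatureLen` accepts input of exactly signatureLen bytes and passes an empty string on, which relies on deserializeTicket (not visible in this hunk) rejecting it. If Validate does not depend on the same boundary, `if len(decoded) <= signatureLen {` would make the rejection explicit here.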