From bb8238eef0a55b1020e35a05c95f4247e7a35090 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Wed, 31 Oct 2018 07:04:43 +0000
Subject: [PATCH] Add an InspectTicket method for unverified ticket inspection

---
 sso.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/sso.go b/sso.go
index 13e6001..37c5832 100644
--- a/sso.go
+++ b/sso.go
@@ -270,3 +270,21 @@ func (v *ssoValidator) Validate(encoded, nonce, service string, allowedGroups []
 
 	return t, nil
 }
+
+// InspectTicket reads a ticket without validating it (beyond syntax),
+// returning user and service. The results are untrusted.
+func InspectTicket(encoded string) (string, string, error) {
+	decoded, err := base64.RawURLEncoding.DecodeString(encoded)
+	if err != nil {
+		return "", "", err
+	}
+	if len(decoded) < signatureLen {
+		return "", "", ErrMessageTooShort
+	}
+	serialized := decoded[signatureLen:]
+	t, err := deserializeTicket(string(serialized))
+	if err != nil {
+		return "", "", err
+	}
+	return t.User, t.Service, nil
+}
-- 
GitLab