Documentation ¶
Index ¶
- Constants
- Variables
- func Copy(elements map[string]any) (result map[string]any)
- func Filter(elements map[string]any, keys ...string) map[string]any
- func StringSliceFromMap(value any) (values []string, ok bool)
- func ToString(i any) string
- func ToTime(i any) time.Time
- type Claims
- type DefaultSigner
- func (j *DefaultSigner) Decode(ctx context.Context, token string) (*Token, error)
- func (j *DefaultSigner) Generate(ctx context.Context, claims MapClaims, header Mapper) (string, string, error)
- func (j *DefaultSigner) GetSignature(ctx context.Context, token string) (string, error)
- func (j *DefaultSigner) GetSigningMethodLength(ctx context.Context) int
- func (j *DefaultSigner) Hash(ctx context.Context, in []byte) ([]byte, error)
- func (j *DefaultSigner) Validate(ctx context.Context, token string) (string, error)
- type GetPrivateKeyFunc
- type Headers
- type IDTokenClaims
- type JARMClaims
- type JWTClaims
- func (c *JWTClaims) Add(key string, value any)
- func (c *JWTClaims) FromMap(m map[string]any)
- func (c *JWTClaims) FromMapClaims(mc MapClaims)
- func (c JWTClaims) Get(key string) any
- func (c *JWTClaims) Sanitize() JWTClaimsContainer
- func (c *JWTClaims) ToMap() map[string]any
- func (c JWTClaims) ToMapClaims() MapClaims
- func (c *JWTClaims) With(expiry time.Time, scope, audience []string) JWTClaimsContainer
- func (c *JWTClaims) WithDefaults(iat, nbf time.Time, issuer string) JWTClaimsContainer
- func (c *JWTClaims) WithScopeField(scopeField JWTScopeFieldEnum) JWTClaimsContainer
- type JWTClaimsContainer
- type JWTClaimsDefaults
- type JWTScopeFieldEnum
- type Keyfunc
- type MapClaims
- func (m MapClaims) UnmarshalJSON(b []byte) error
- func (m MapClaims) Valid() error
- func (m MapClaims) VerifyAudience(cmp string, req bool) bool
- func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool
- func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool
- func (m MapClaims) VerifyIssuer(cmp string, req bool) bool
- func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool
- type Mapper
- type Signer
- type Token
- func NewWithClaims(method jose.SignatureAlgorithm, claims MapClaims) *Token
- func Parse(tokenString string, keyFunc Keyfunc) (*Token, error)
- func ParseCustom(tokenString string, keyFunc Keyfunc, algs ...jose.SignatureAlgorithm) (*Token, error)
- func ParseCustomWithClaims(rawToken string, claims MapClaims, keyFunc Keyfunc, ...) (*Token, error)
- func ParseWithClaims(rawToken string, claims MapClaims, keyFunc Keyfunc) (*Token, error)
- type ValidationError
Constants ¶
const ( SigningMethodNone = jose.SignatureAlgorithm("none") // This key should be use to correctly sign and verify alg:none JWT tokens UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed" JWTHeaderType = jose.HeaderKey(consts.JSONWebTokenHeaderType) )
const ( JWTHeaderTypeValueJWT = "JWT" JWTHeaderTypeValueAccessTokenJWT = "at+jwt" )
const ( ValidationErrorMalformed uint32 = 1 << iota // Token is malformed ValidationErrorUnverifiable // Token could not be verified because of signing problems ValidationErrorSignatureInvalid // Signature validation failed // Standard Claim validation errors ValidationErrorAudience // AUD validation failed ValidationErrorExpired // EXP validation failed ValidationErrorIssuedAt // IAT validation failed ValidationErrorIssuer // ISS validation failed ValidationErrorNotValidYet // NBF validation failed ValidationErrorId // JTI validation failed ValidationErrorClaimsInvalid // Generic claims validation error )
Validation provides a backwards compatible error definition from `jwt-go` to `go-jose`. The sourcecode was taken from https://github.com/dgrijalva/jwt-go/blob/master/errors.go
> The errors that might occur when parsing and validating a token
const (
JWTHeaderKeyValueType = "typ"
)
Variables ¶
var SHA256HashSize = crypto.SHA256.Size()
var TimeFunc = time.Now
Functions ¶
func StringSliceFromMap ¶
StringSliceFromMap asserts a map any value to a []string provided it has a good type.
Types ¶
type Claims ¶
type Claims interface {
Valid() error
}
Claims is a port from https://github.com/dgrijalva/jwt-go/blob/master/claims.go including its validation methods, which are not available in go-jose library
> For a type to be a Claims object, it must just have a Valid method that determines if the token is invalid for any supported reason
type DefaultSigner ¶
type DefaultSigner struct {
GetPrivateKey GetPrivateKeyFunc
}
DefaultSigner is responsible for generating and validating JWT challenges
func (*DefaultSigner) Generate ¶
func (j *DefaultSigner) Generate(ctx context.Context, claims MapClaims, header Mapper) (string, string, error)
Generate generates a new authorize code or returns an error. set secret
func (*DefaultSigner) GetSignature ¶
GetSignature will return the signature of a token
func (*DefaultSigner) GetSigningMethodLength ¶
func (j *DefaultSigner) GetSigningMethodLength(ctx context.Context) int
GetSigningMethodLength will return the length of the signing method
type Headers ¶
Headers is the jwt headers
func NewHeaders ¶
func NewHeaders() *Headers
func (*Headers) SetDefaultString ¶
func (Headers) ToMapClaims ¶
ToMapClaims will return a jwt-go MapClaims representation
type IDTokenClaims ¶
type IDTokenClaims struct { JTI string `json:"jti"` Issuer string `json:"iss"` Subject string `json:"sub"` Audience []string `json:"aud"` Nonce string `json:"nonce"` ExpiresAt time.Time `json:"exp"` IssuedAt time.Time `json:"iat"` RequestedAt time.Time `json:"rat"` AuthTime time.Time `json:"auth_time"` AccessTokenHash string `json:"at_hash"` AuthenticationContextClassReference string `json:"acr"` AuthenticationMethodsReferences []string `json:"amr"` CodeHash string `json:"c_hash"` StateHash string `json:"s_hash"` Extra map[string]any `json:"ext"` }
IDTokenClaims represent the claims used in open id connect requests
func (*IDTokenClaims) Add ¶
func (c *IDTokenClaims) Add(key string, value any)
Add will add a key-value pair to the extra field
func (*IDTokenClaims) Get ¶
func (c *IDTokenClaims) Get(key string) any
Get will get a value from the extra field based on a given key
func (*IDTokenClaims) ToMap ¶
func (c *IDTokenClaims) ToMap() map[string]any
ToMap will transform the headers to a map structure
func (IDTokenClaims) ToMapClaims ¶
func (c IDTokenClaims) ToMapClaims() MapClaims
ToMapClaims will return a jwt-go MapClaims representation
type JARMClaims ¶
type JARMClaims struct { Issuer string Audience []string JTI string IssuedAt time.Time ExpiresAt time.Time Extra map[string]any }
JARMClaims represent a token's claims.
func (*JARMClaims) Add ¶
func (c *JARMClaims) Add(key string, value any)
Add will add a key-value pair to the extra field
func (*JARMClaims) FromMap ¶
func (c *JARMClaims) FromMap(m map[string]any)
FromMap will set the claims based on a mapping
func (*JARMClaims) FromMapClaims ¶
func (c *JARMClaims) FromMapClaims(mc MapClaims)
FromMapClaims will populate claims from a jwt-go MapClaims representation
func (JARMClaims) Get ¶
func (c JARMClaims) Get(key string) any
Get will get a value from the extra field based on a given key
func (*JARMClaims) ToMap ¶
func (c *JARMClaims) ToMap() map[string]any
ToMap will transform the headers to a map structure
func (JARMClaims) ToMapClaims ¶
func (c JARMClaims) ToMapClaims() MapClaims
ToMapClaims will return a jwt-go MapClaims representation
type JWTClaims ¶
type JWTClaims struct { Subject string Issuer string Audience []string JTI string IssuedAt time.Time NotBefore time.Time ExpiresAt time.Time Scope []string Extra map[string]any ScopeField JWTScopeFieldEnum }
JWTClaims represent a token's claims.
func (*JWTClaims) FromMap ¶
FromMap will set the claims based on a mapping.
TODO: Refactor time permitting.
func (*JWTClaims) FromMapClaims ¶
FromMapClaims will populate claims from a jwt-go MapClaims representation
func (*JWTClaims) Sanitize ¶
func (c *JWTClaims) Sanitize() JWTClaimsContainer
func (JWTClaims) ToMapClaims ¶
ToMapClaims will return a jwt-go MapClaims representation
func (*JWTClaims) With ¶
func (c *JWTClaims) With(expiry time.Time, scope, audience []string) JWTClaimsContainer
func (*JWTClaims) WithDefaults ¶
func (c *JWTClaims) WithDefaults(iat, nbf time.Time, issuer string) JWTClaimsContainer
func (*JWTClaims) WithScopeField ¶
func (c *JWTClaims) WithScopeField(scopeField JWTScopeFieldEnum) JWTClaimsContainer
type JWTClaimsContainer ¶
type JWTClaimsContainer interface { // Sanitize should clear the IssuedAt and NotBefore values. Sanitize() JWTClaimsContainer // With returns a copy of itself with expiresAt, scope, audience set to the given values. With(expiry time.Time, scope, audience []string) JWTClaimsContainer // WithDefaults returns a copy of itself with issuedAt and issuer set to the given default values. If those // values are already set in the claims, they will not be updated. WithDefaults(iat, nbf time.Time, issuer string) JWTClaimsContainer // WithScopeField configures how a scope field should be represented in JWT. WithScopeField(scopeField JWTScopeFieldEnum) JWTClaimsContainer // ToMapClaims returns the claims as a github.com/dgrijalva/jwt-go.MapClaims type. ToMapClaims() MapClaims }
type JWTClaimsDefaults ¶
type JWTScopeFieldEnum ¶
type JWTScopeFieldEnum int
Enum for different types of scope encoding.
const ( JWTScopeFieldUnset JWTScopeFieldEnum = iota JWTScopeFieldList JWTScopeFieldString JWTScopeFieldBoth )
type Keyfunc ¶
Keyfunc is used by parsing methods to supply the key for verification. The function receives the parsed, but unverified Token. This allows you to use properties in the Header of the token (such as `kid`) to identify which key to use.
type MapClaims ¶
MapClaims provides backwards compatible validations not available in `go-jose`. It was taken from [here](https://raw.githubusercontent.com/form3tech-oss/jwt-go/master/map_claims.go).
Claims type that uses the map[string]any for JSON decoding This is the default claims type if you don't supply one
func (MapClaims) UnmarshalJSON ¶
func (MapClaims) Valid ¶
Valid validates time based claims "exp, iat, nbf". There is no accounting for clock skew. As well, if any of the above claims are not in the token, it will still be considered a valid claim.
func (MapClaims) VerifyAudience ¶
VerifyAudience compares the aud claim against cmp. If required is false, this method will return true if the value matches or is unset
func (MapClaims) VerifyExpiresAt ¶
VerifyExpiresAt compares the exp claim against cmp. If required is false, this method will return true if the value matches or is unset
func (MapClaims) VerifyIssuedAt ¶
VerifyIssuedAt compares the iat claim against cmp. If required is false, this method will return true if the value matches or is unset
func (MapClaims) VerifyIssuer ¶
VerifyIssuer compares the iss claim against cmp. If required is false, this method will return true if the value matches or is unset
type Signer ¶
type Signer interface { Generate(ctx context.Context, claims MapClaims, header Mapper) (tokenString string, signature string, err error) Validate(ctx context.Context, tokenString string) (signature string, err error) Hash(ctx context.Context, in []byte) ([]byte, error) Decode(ctx context.Context, tokenString string) (token *Token, err error) GetSignature(ctx context.Context, token string) (signature string, err error) GetSigningMethodLength(ctx context.Context) (length int) }
type Token ¶
type Token struct { Header map[string]any // The first segment of the token Claims MapClaims // The second segment of the token Method jose.SignatureAlgorithm // contains filtered or unexported fields }
Token represets a JWT Token This token provide an adaptation to transit from [jwt-go](https://github.com/dgrijalva/jwt-go) to [go-jose](https://github.com/square/go-jose) It provides method signatures compatible with jwt-go but implemented using go-json
func NewWithClaims ¶
NewWithClaims creates an unverified Token with the given claims and signing method
func ParseCustom ¶
func ParseCustom(tokenString string, keyFunc Keyfunc, algs ...jose.SignatureAlgorithm) (*Token, error)
ParseCustom parses, validates, and returns a token. The keyFunc will receive the parsed token and should return the key for validating. If everything is kosher, err will be nil.
func ParseCustomWithClaims ¶
func ParseCustomWithClaims(rawToken string, claims MapClaims, keyFunc Keyfunc, algs ...jose.SignatureAlgorithm) (*Token, error)
ParseCustomWithClaims parses, validates, and returns a token with its respective claims. The keyFunc will receive the parsed token and should return the key for validating. If everything is kosher, err will be nil.
func ParseWithClaims ¶
ParseWithClaims is an overload for ParseCustomWithClaims which accepts all normal algs including 'none'.
func (*Token) SignedString ¶
SignedString provides a compatible `jwt-go` Token.SignedString method
> Get the complete, signed token
type ValidationError ¶
type ValidationError struct { Inner error // stores the error returned by external dependencies, i.e.: KeyFunc Errors uint32 // bitfield. see ValidationError... constants // contains filtered or unexported fields }
The error from Parse if token is not valid
func (ValidationError) Error ¶
func (e ValidationError) Error() string
Validation error is an error type
func (*ValidationError) Has ¶
func (e *ValidationError) Has(verr uint32) bool