Documentation
Overview
Package jws provides a partial implementation of JSON Web Signature encoding and decoding. It includes support for the HS256, HS384, HS512, RS256, RS384, and RS512 algorithms, although developers may extend this package by creating new implementations of the Signer interface.
See RFC 7515.
Index
- func DecodeHeader(token string, hdr interface{}) error
- func ParseRSAKey(key []byte) (*rsa.PrivateKey, error)
- func Verify(token string, v Verifier) error
- type ClaimSet
- type Signer
- func HS256(secret []byte) Signer
- func HS384(secret []byte) Signer
- func HS512(secret []byte) Signer
- func RS256(key *rsa.PrivateKey, keyID string) Signer
- func RS256FromPEM(pemBytes []byte, keyID string) (Signer, error)
- func RS384(key *rsa.PrivateKey, keyID string) Signer
- func RS384FromPEM(pemBytes []byte, keyID string) (Signer, error)
- func RS512(key *rsa.PrivateKey, keyID string) Signer
- func RS512FromPEM(pemBytes []byte, keyID string) (Signer, error)
- type Verifier
Functions
func DecodeHeader
DecodeHeader decodes the header from a JWT into hdr (usually a &map[string]interface{}).
func ParseRSAKey
func ParseRSAKey(key []byte) (*rsa.PrivateKey, error)
ParseRSAKey converts the binary contents of a private key file to an *rsa.PrivateKey. It detects whether the private key is in a PEM container or not. If so, it extracts the private key from the PEM container before conversion. It only supports PEM containers with no passphrase.
Types
type ClaimSet
type ClaimSet struct {
    Issuer    string // iss: client_id of the application making the access token request
    Audience  string // aud: descriptor of the intended target of the assertion (Optional).
    ExpiresAt int64  // exp: the expiration time of the assertion (seconds since Unix epoch)
    IssuedAt  int64  // iat: the time the assertion was issued (seconds since Unix epoch)
    NotBefore int64  // nbf: the time before which the JWT MUST NOT be accepted for processing (Optional)
    ID        string // jti: The "jti" (JWT ID) claim provides a unique identifier for the JWT (Optional)
    Subject   string // sub: Email/UserID for which the application is requesting delegated access (Optional).

    // See https://tools.ietf.org/html/rfc7519#section-4.3
    // This array is marshalled using custom code (see (c *ClaimSet) MarshalJSON()).
    PrivateClaims map[string]interface{}
}
ClaimSet contains information about the JWT signature, including the permissions being requested (scopes), the target of the token, the issuer, the time the token was issued, and the lifetime of the token. See https://tools.ietf.org/html/rfc7519
func DecodePayload
DecodePayload decodes a claim set from a JWT.
func (*ClaimSet) MarshalJSON
MarshalJSON flattens the JSON output of PrivateClaims.
func (*ClaimSet) SetExpirationClaims
SetExpirationClaims sets the IssuedAt (iat) and ExpiresAt (exp) claims.
func (*ClaimSet) UnmarshalJSON
UnmarshalJSON places extra keys into PrivateClaims.
type Signer
Signer provides a signature for a JWT as well as the Header.
func HS256
HS256 returns a signer implementing the HMAC with SHA-256 algorithm with the passed secret.
func HS384
HS384 returns a signer implementing the HMAC with SHA-384 algorithm with the passed secret.
func HS512
HS512 returns a signer implementing the HMAC with SHA-512 algorithm with the passed secret.
func RS256
func RS256(key *rsa.PrivateKey, keyID string) Signer
RS256 creates a signer for the RS256 algorithm.
func RS256FromPEM
RS256FromPEM creates a signer that implements the RS256 (RSA PKCS#1 with SHA-256) algorithm for the encoded key in pemBytes. An error is returned if the PEM encoding is invalid. pemBytes should contain the contents of a PEM file using PKCS8 or PKCS1 encoding. PEM containers with a passphrase are not supported. Use the following command to convert a PKCS 12 file into a PEM file:
$ openssl pkcs12 -in key.p12 -out key.pem -nodes
func RS384
func RS384(key *rsa.PrivateKey, keyID string) Signer
RS384 creates a signer that implements the RS384 (RSA PKCS#1 with SHA-384) algorithm for the key. keyID is optional and will be used in the kid header claim.
func RS384FromPEM
RS384FromPEM creates a signer that implements the RS384 (RSA PKCS#1 with SHA-384) algorithm for the encoded key in pemBytes. An error is returned if the PEM encoding is invalid. pemBytes should contain the contents of a PEM file using PKCS8 or PKCS1 encoding. PEM containers with a passphrase are not supported.
func RS512
func RS512(key *rsa.PrivateKey, keyID string) Signer
RS512 creates a signer that implements the RS512 (RSA PKCS#1 with SHA-512) algorithm for the key. keyID is optional and will be used in the kid header claim.
func RS512FromPEM
RS512FromPEM creates a signer that implements the RS512 (RSA PKCS#1 with SHA-512) algorithm for the encoded key in pemBytes. An error is returned if the PEM encoding is invalid. pemBytes should contain the contents of a PEM file using PKCS8 or PKCS1 encoding. PEM containers with a passphrase are not supported.
type Verifier
Verifier is a function that verifies the signature of a specific content.
func HS256Verifier
HS256Verifier verifies the signature using HMAC with SHA-256 and secret.
func HS384Verifier
HS384Verifier verifies the signature using HMAC with SHA-384 and secret.
func HS512Verifier
HS512Verifier verifies the signature using HMAC with SHA-512 and secret.
func RS256Verifier
RS256Verifier verifies the signature using PKCS1v15 with key.
func RS384Verifier
RS384Verifier verifies the signature using PKCS1v15 with key.
func RS512Verifier
RS512Verifier verifies the signature using PKCS1v15 with key.
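The following program is an added example, not code from this package: it uses only the Go standard library to show what an HS256 signer and an HS256Verifier-style check do under RFC 7515, including rejecting a token whose header names a different algorithm. The names b64, tag, signHS256 and verifyHS256 and the sample secret and payload are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWS segments are unpadded base64url

// tag computes HMAC-SHA256 over the signing input "header.payload".
func tag(secret []byte, input string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(input))
	return m.Sum(nil)
}

// signHS256 (hypothetical helper) emits the RFC 7515 compact serialization.
func signHS256(secret, payload []byte) string {
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	return input + "." + b64.EncodeToString(tag(secret, input))
}

// verifyHS256 (hypothetical helper) rejects any alg other than HS256, then checks the tag.
func verifyHS256(secret []byte, token string) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("jws: want three dot-separated segments")
	}
	var hdr struct{ Alg string `json:"alg"` }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return fmt.Errorf("jws: header is not a valid HS256 header")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, tag(secret, parts[0]+"."+parts[1])) {
		return fmt.Errorf("jws: signature mismatch") // hmac.Equal is constant-time
	}
	return nil
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed sample value
	tok := signHS256(secret, []byte(`{"iss":"demo","exp":1700000000}`))
	fmt.Println(tok, verifyHS256(secret, tok))
}
```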