jwt

package

v2.31.2 Latest Latest Go to latest Published: Jan 26, 2024 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/ONSdigital/dp-authorisation

Links

Open Source Insights

README ¶

JWT

The JWT package provides functions to parse a JWT token and extract entity data from it.

Usage

Create a new instance of a JWT parser

  import (
    "github.com/ONSdigital/dp-authorisation/v2/jwt"
    "github.com/ONSdigital/dp-authorisation/v2/permissions"
  )
  
  ...

  p, err := jwt.NewCognitoRSAParser(publicKey)

The public key value should come from the service configuration. The NewCognitoRSAParser is tailored for JWT tokens generated by AWS Cognito. These tokens use RSA encryption for token verification, and have Cognito specific claims. Other Parser implementations can be used, as long as they implement the generic parse function.

Parse(tokenString string) (*permsdk.EntityData, error)

Parse a JWT token

entityData, err := p.Parse(jwtToken)

Documentation ¶

Index ¶

Constants
Variables
type CognitoRSAParser
- func NewCognitoRSAParser(base64EncodedPublicKey map[string]string) (*CognitoRSAParser, error)
- func (p CognitoRSAParser) Parse(tokenString string) (*permsdk.EntityData, error)

Constants ¶

View Source

const (
	Kid = "kid"
)

Variables ¶

View Source

var (
	ErrFailedToParsePublicKey     = errors.New("error parsing public key for jwt verification")
	ErrUnexpectedKeyType          = errors.New("unexpected public key type for jwt verification")
	ErrInvalidSignature           = errors.New("jwt verification failed due to an invalid signature")
	ErrTokenExpired               = errors.New("jwt token has expired")
	ErrTokenNotYetValid           = errors.New("jwt token is not yet valid")
	ErrTokenMalformed             = errors.New("jwt token is malformed")
	ErrTokenInvalid               = errors.New("jwt token is not valid") // more generic error to catch any other cases
	ErrTokenUnsupportedEncryption = errors.New("only rsa encrypted jwt tokens are supported")
	ErrNoUserID                   = errors.New("jwt token does not have a user id")
	ErrFailedToParseClaims        = errors.New("failed to read claims from jwt token")
	ErrNoGroups                   = errors.New("jwt token does not have any groups")
	ErrJWTKeySet                  = errors.New("key id unknown or invalid")
	ErrPublickeysEmpty            = errors.New("public keys map is empty")
)

Functions ¶

This section is empty.

Types ¶

type CognitoRSAParser ¶

type CognitoRSAParser struct {
	PublicKeys map[string]*rsa.PublicKey
	// contains filtered or unexported fields
}

CognitoRSAParser parses JWT tokens that have an RSA encrypted signature, and contain AWS cognito specific claims.

func NewCognitoRSAParser ¶

func NewCognitoRSAParser(base64EncodedPublicKey map[string]string) (*CognitoRSAParser, error)

NewCognitoRSAParser creates a new instance of CognitoRSAParser using the given public key value.

func (CognitoRSAParser) Parse ¶

func (p CognitoRSAParser) Parse(tokenString string) (*permsdk.EntityData, error)

Parse and verify the given JWT token, and return the EntityData contained within the JWT (user ID and groups list)

Source Files ¶

View all Source files

parser.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL