wirepact

Documentation

Index

• Constants
• func CreateSignedJWTForUser(config *JWTConfig, userID string) (string, error)
• func GetJWTUserSubject(wirePactJWT string) (string, error)
• type JWTConfig

Constants

const (
	// IdentityHeader defines the header that is transmitted
	// as the WirePact identity. This is a RSA256 signed JSONWebToken (JWT).
	IdentityHeader = "x-wirepact-identity"

	// AuthorizationHeader is the default HTTP header for authorization.
	AuthorizationHeader = "authorization"
)

Functions

func CreateSignedJWTForUser

func CreateSignedJWTForUser(config *JWTConfig, userID string) (string, error)

CreateSignedJWTForUser creates a valid signed JWT for the given userID. The JWT is signed with the private key (RSA256) from the key material. Additionally, the optional headers "x5c" and "x5t" (https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.6) are added - as they are required by WirePact - to enable the receiver to validate the presented signature. The audience is always set to "WirePact".

func GetJWTUserSubject

func GetJWTUserSubject(wirePactJWT string) (string, error)

GetJWTUserSubject takes the WirePact encoded JWT and extracts the user subject. First, the function checks the x5c and x5t headers and validates the JWT signature against its own CA certificate. Then, if the JWT is valid the subject is extracted. If any error occurs (missing certificate headers, wrong certificate or other errors) the error is returned with an empty string.

Types

type JWTConfig

type JWTConfig struct {
	// The issuer that is inserted into the JWT.
	Issuer string

	// The lifetime of the token in a go duration.
	// If omitted, 60 seconds are used.
	Lifetime time.Duration
}

JWTConfig contains specialized configuration for the CreateSignedJWTForUser method.