jwt

package
v0.0.6

This package is not in the latest version of its module.

Published: Jun 7, 2022 License: MIT Imports: 9 Imported by: 1

Documentation

Overview

Package jwt provides utility functions for validating JSON Web Tokens (JWT) as defined by Cloud Identity-Aware Proxy (Cloud IAP). This package follows the instructions specified at https://cloud.google.com/iap/docs/signed-headers-howto

Constants

This section is empty.

Variables

var (
	// PublicKeysURL is the URL from which public keys will be fetched.
	PublicKeysURL = "https://www.gstatic.com/iap/verify/public_key"
	// HTTPClient is the default HTTP Client to use for fetching public keys.
	HTTPClient = &http.Client{Timeout: 10 * time.Second}
)

Functions

func DecodePublicKeys

func DecodePublicKeys(r io.Reader) (map[string]PublicKey, error)

DecodePublicKeys decodes all public keys from the given Reader.

func FetchPublicKeys

func FetchPublicKeys() (map[string]PublicKey, error)

FetchPublicKeys downloads and decodes all public keys from Google.

func ValidateRequestClaims

func ValidateRequestClaims(req *http.Request, cfg *Config) error

ValidateRequestClaims checks the validity of the claims in the request.

Types

type Audience

type Audience string

Audience is a string wrapper to provide validation logic for GCP IAP audience URLs. From the IAP docs at https://cloud.google.com/iap/docs/signed-headers-howto: Audience must be a string with the following values:

* App Engine: /projects/PROJECT_NUMBER/apps/PROJECT_ID
* Compute Engine and Container Engine: /projects/PROJECT_NUMBER/global/backendServices/SERVICE_ID

func NewAudience

func NewAudience(u string) *Audience

NewAudience returns an Audience from a string.

func ParseAudience

func ParseAudience(rawAudience string) (*Audience, error)

ParseAudience parses an Audience from a string.

func (*Audience) Validate

func (aud *Audience) Validate() error

Validate performs error checking on the Audience's URL.

type Claims

type Claims struct {
	jwt.StandardClaims
	Email string `json:"email,omitempty"`

	Google GoogleClaim `json:"google,omitempty"`
	// contains filtered or unexported fields
}

Claims represents parsed JWT Token Claims.

func RequestClaims

func RequestClaims(req *http.Request, cfg *Config) (*Claims, error)

RequestClaims checks the validity of the claims in the request and returns them. Claims may be returned even if an error occurs, so check the error before relying on the returned Claims.

func (Claims) Valid

func (c Claims) Valid() error

Valid validates the Claims.

type Config

type Config struct {
	PublicKeys     map[string]PublicKey
	MatchAudiences *regexp.Regexp
}

Config specifies the parameters against which JWT tokens in requests are validated.

func (*Config) Validate

func (cfg *Config) Validate() error

Validate validates the Configuration.
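
How the audience formats listed under Audience relate to the MatchAudiences regexp in Config, as an added example that is not this package's code: it uses only the standard library and shows why the pattern should be anchored. The sample audiences are constructed, the ID character classes are assumptions, and the helper names CheckAudienceFormat and ExactAudienceMatcher are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// audienceFormat covers the two audience shapes quoted from the IAP docs.
// Assumptions: PROJECT_NUMBER and SERVICE_ID are numeric, and PROJECT_ID
// uses lowercase letters, digits, '-', '.' and ':'.
var audienceFormat = regexp.MustCompile(
	`^/projects/[0-9]+/(apps/[a-z0-9.:-]+|global/backendServices/[0-9]+)$`)

// CheckAudienceFormat reports whether aud has one of the documented shapes.
func CheckAudienceFormat(aud string) bool {
	return audienceFormat.MatchString(aud)
}

// ExactAudienceMatcher returns an anchored regexp that matches aud and
// nothing else, suitable for a *regexp.Regexp field such as MatchAudiences.
func ExactAudienceMatcher(aud string) (*regexp.Regexp, error) {
	if !CheckAudienceFormat(aud) {
		return nil, fmt.Errorf("audience %q is not in a documented IAP format", aud)
	}
	return regexp.Compile("^" + regexp.QuoteMeta(aud) + "$")
}

func main() {
	// Constructed sample audiences, not real project values.
	const mine = "/projects/123456/global/backendServices/987"
	const other = "/projects/123456/global/backendServices/9876"

	// An unanchored pattern matches any string that contains it.
	loose := regexp.MustCompile(regexp.QuoteMeta(mine))
	strict, err := ExactAudienceMatcher(mine)
	if err != nil {
		panic(err)
	}
	fmt.Println("loose  accepts other backend:", loose.MatchString(other))  // true
	fmt.Println("strict accepts other backend:", strict.MatchString(other)) // false
	fmt.Println("strict accepts own backend:  ", strict.MatchString(mine))  // true
}
```

Whether the package anchors MatchAudiences itself is not stated on this page, so the example anchors the pattern explicitly.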

type GoogleClaim added in v0.0.4

type GoogleClaim struct {
	AccessLevels []string `json:"access_levels,omitempty"`
	DeviceID     string   `json:"device_id,omitempty"`
}

type PublicKey

type PublicKey []byte

PublicKey is a Google public key used for JWT token validation.

func CreatePublicKey

func CreatePublicKey(b []byte) PublicKey

CreatePublicKey creates a PublicKey from a byte slice.
