Documentation
Overview
Package jwks contains clients for getting public keys from JWKS.
Index
Constants
const DefaultCacheUpdateMinInterval = time.Minute * 1
Variables
This section is empty.
Functions
This section is empty.
Types
type CachingClient
type CachingClient struct {
// contains filtered or unexported fields
}
CachingClient is a Client for getting keys from remote JWKS with a caching mechanism.
func NewCachingClient
func NewCachingClient() *CachingClient
NewCachingClient returns a new Client that can cache fetched data.
func NewCachingClientWithOpts
func NewCachingClientWithOpts(opts CachingClientOpts) *CachingClient
NewCachingClientWithOpts returns a new Client that can cache fetched data with options.
func (*CachingClient) GetRSAPublicKey
func (cc *CachingClient) GetRSAPublicKey(ctx context.Context, issuerURL, keyID string) (interface{}, error)
GetRSAPublicKey searches the JWKS for the JWK with the passed key ID and returns the decoded RSA public key for it, which can be used to verify a JWT signature. The obtained JWKS is cached. If the passed issuer URL or key ID is not found in the cache, the JWKS is fetched again, but not more than once in a configurable period of time.
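To make the refetch rule concrete, here is a hypothetical minimal reimplementation of the caching behaviour described above; it is added here and is not the package's own code. The type name MiniCachingClient, the injected Fetch and Now functions (standing in for the HTTP discovery/JWKS download and the wall clock) and the ErrJWKNotFound variable are assumptions.

```go
package main

import (
	"context"
	"crypto/rsa"
	"errors"
	"time"
)
// ErrJWKNotFound stands in for the package's JWKNotFoundError (no key with that kid).
var ErrJWKNotFound = errors.New("jwk not found by kid")

type issuerKeys struct {
	byKid     map[string]*rsa.PublicKey // decoded JWKS of one issuer, keyed by kid
	fetchedAt time.Time
}
// MiniCachingClient is a hypothetical reimplementation of the documented caching rule
// (not the package's own code): serve from cache, refetch on an unknown issuer or kid,
// but never more than once per MinInterval for the same issuer. Fetch and Now are
// injected so it runs offline; it is not goroutine-safe.
type MiniCachingClient struct {
	Cache       map[string]issuerKeys
	MinInterval time.Duration
	Fetch       func(ctx context.Context, issuerURL string) (map[string]*rsa.PublicKey, error)
	Now         func() time.Time
}

// GetRSAPublicKey returns the RSA public key with the given kid from issuerURL's JWKS.
func (c *MiniCachingClient) GetRSAPublicKey(ctx context.Context, issuerURL, kid string) (*rsa.PublicKey, error) {
	if c.Cache == nil {
		c.Cache = map[string]issuerKeys{}
	}
	ik, cached := c.Cache[issuerURL]
	if key := ik.byKid[kid]; key != nil {
		return key, nil // cache hit: no HTTP request
	}
	// Cache miss. Refusing to refetch within MinInterval bounds how often tokens
	// carrying unknown kids can drive requests at the upstream JWKS endpoint.
	if cached && c.Now().Sub(ik.fetchedAt) < c.MinInterval {
		return nil, ErrJWKNotFound
	}
	keys, err := c.Fetch(ctx, issuerURL) // discovery + JWKS download in the real client
	if err != nil {
		return nil, err // the real client wraps this as GetJWKSError / GetOpenIDConfigurationError
	}
	c.Cache[issuerURL] = issuerKeys{byKid: keys, fetchedAt: c.Now()}
	if key := keys[kid]; key != nil {
		return key, nil
	}
	return nil, ErrJWKNotFound
}
```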
func (*CachingClient) InvalidateCacheIfNeeded
func (cc *CachingClient) InvalidateCacheIfNeeded(ctx context.Context, issuerURL string) error
InvalidateCacheIfNeeded invalidates the cache for the specified issuer URL if it is necessary.
type CachingClientOpts
type CachingClientOpts struct {
	ClientOpts

	// CacheUpdateMinInterval is a minimal interval between cache updates for the same issuer.
	CacheUpdateMinInterval time.Duration
}
CachingClientOpts contains options for CachingClient.
type Client
type Client struct {
// contains filtered or unexported fields
}
Client gets public keys from a remote JWKS. It uses the jwks_uri field from the issuer's /.well-known/openid-configuration endpoint. NOTE: CachingClient should be used in a typical service to avoid making HTTP requests on each JWT verification.
func NewClientWithOpts
func NewClientWithOpts(opts ClientOpts) *Client
NewClientWithOpts returns a new Client with options.
type ClientOpts
type ClientOpts struct {
	// HTTPClient is an HTTP client for making requests.
	HTTPClient *http.Client

	// LoggerProvider is a function that provides a logger for the Client.
	LoggerProvider func(ctx context.Context) log.FieldLogger

	// PrometheusLibInstanceLabel is a label for Prometheus metrics.
	// It allows distinguishing metrics from different instances of the same library.
	PrometheusLibInstanceLabel string
}
ClientOpts contains options for the JWKS client.
type GetJWKSError
GetJWKSError is an error that may occur while getting the JWKS.
func (*GetJWKSError) Error
func (e *GetJWKSError) Error() string
func (*GetJWKSError) Unwrap
func (e *GetJWKSError) Unwrap() error
type GetOpenIDConfigurationError
GetOpenIDConfigurationError is an error that may occur while getting the OpenID configuration for an issuer.
func (*GetOpenIDConfigurationError) Error
func (e *GetOpenIDConfigurationError) Error() string
func (*GetOpenIDConfigurationError) Unwrap
func (e *GetOpenIDConfigurationError) Unwrap() error
type JWKNotFoundError
JWKNotFoundError is an error that occurs when no JWK with the requested kid is found.
func (*JWKNotFoundError) Error
func (e *JWKNotFoundError) Error() string