jwt

Documentation

Overview

Package jwt provides utility functions for validating JSON Web Tokens (JWT) as defined by Cloud Identity-Aware Proxy (Cloud IAP). This package follows the instructions specified at https://cloud.google.com/iap/docs/signed-headers-howtospecifications

Index

• Variables
• func DecodePublicKeys(r io.Reader) (map[string]PublicKey, error)
• func FetchPublicKeys() (map[string]PublicKey, error)
• func ValidateRequestClaims(req *http.Request, cfg *Config) error
• type Audience
  • func NewAudience(u string) *Audience
  • func ParseAudience(rawAudience string) (*Audience, error)
  • func (aud *Audience) Validate() error
• type Claims
  • func RequestClaims(req *http.Request, cfg *Config) (*Claims, error)
  • func (c Claims) Valid() error
• type Config
  • func (cfg *Config) Validate() error
• type PublicKey
  • func CreatePublicKey(b []byte) PublicKey

Variables

var (
	// PublicKeysURL is the URL from which public keys will be fetched.
	PublicKeysURL = "https://www.gstatic.com/iap/verify/public_key"
	// HTTPClient is the default HTTP Client to use for fetching public keys.
	HTTPClient = &http.Client{Timeout: 10 * time.Second}
)

Functions

func DecodePublicKeys

func DecodePublicKeys(r io.Reader) (map[string]PublicKey, error)

DecodePublicKeys decodes all public keys from the given Reader.

func FetchPublicKeys

func FetchPublicKeys() (map[string]PublicKey, error)

FetchPublicKeys downloads and decodes all public keys from Google.

func ValidateRequestClaims

func ValidateRequestClaims(req *http.Request, cfg *Config) error

ValidateRequestClaims checks the validity of the claims in the request.

Types

type Audience

type Audience string

Audience is a string wrapper to provide validation logic for GCP IAP audience URLs. From the IAP docs at https://cloud.google.com/iap/docs/signed-headers-howto: Audience must be a string with the following values: * App Engine: /projects/PROJECT_NUMBER/apps/PROJECT_ID * Compute Engine and Container Engine: /projects/PROJECT_NUMBER/global/backendServices/SERVICE_ID

func NewAudience

func NewAudience(u string) *Audience

NewAudience returns an Audience from a string.

func ParseAudience

func ParseAudience(rawAudience string) (*Audience, error)

ParseAudience parses an Audience from a string.

func (*Audience) Validate

func (aud *Audience) Validate() error

Validate performs error checking on the Audience's URL.

type Claims

type Claims struct {
	jwt.StandardClaims
	Domain string `json:"hd,omitempty"`
	Email  string `json:"email,omitempty"`
	// contains filtered or unexported fields
}

Claims represents parsed JWT Token Claims.

func RequestClaims

func RequestClaims(req *http.Request, cfg *Config) (*Claims, error)

RequestClaims checks the validity and returns the claims in the request. Claims may be returned even if an error occurs.

func (Claims) Valid

func (c Claims) Valid() error

Valid validates the Claims.

type Config

type Config struct {
	PublicKeys     map[string]PublicKey
	MatchAudiences *regexp.Regexp
	MatchDomains   map[string]bool
}

Config specifies the parameters for which to perform validation of JWT tokens in requests against.

func (*Config) Validate

func (cfg *Config) Validate() error

Validate validates the Configuration.

type PublicKey

type PublicKey []byte

PublicKey are Google's public keys to use for JWT token validation.

func CreatePublicKey

func CreatePublicKey(b []byte) PublicKey

CreatePublicKey creates a PublicKey from a byte slice.