validator

package
v2.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 23, 2024 License: MIT Imports: 5 Imported by: 128

Documentation

Overview

Package validator contains an implementation of jwtmiddleware.ValidateToken using the Square go-jose package version 2.

The implementation handles some nuances around JWTs and supports: - a key func to pull the key(s) used to verify the token signature - verifying the signature algorithm is what it should be - validation of "regular" claims - validation of custom claims - clock skew allowances

When this package is used, tokens are returned as `JSONWebToken` from the gopkg.in/square/go-jose.v2/jwt package.

Note that while the jose package does support multi-recipient JWTs, this package does not support them.

Index

Constants

View Source
const (
	EdDSA = SignatureAlgorithm("EdDSA")
	HS256 = SignatureAlgorithm("HS256") // HMAC using SHA-256
	HS384 = SignatureAlgorithm("HS384") // HMAC using SHA-384
	HS512 = SignatureAlgorithm("HS512") // HMAC using SHA-512
	RS256 = SignatureAlgorithm("RS256") // RSASSA-PKCS-v1.5 using SHA-256
	RS384 = SignatureAlgorithm("RS384") // RSASSA-PKCS-v1.5 using SHA-384
	RS512 = SignatureAlgorithm("RS512") // RSASSA-PKCS-v1.5 using SHA-512
	ES256 = SignatureAlgorithm("ES256") // ECDSA using P-256 and SHA-256
	ES384 = SignatureAlgorithm("ES384") // ECDSA using P-384 and SHA-384
	ES512 = SignatureAlgorithm("ES512") // ECDSA using P-521 and SHA-512
	PS256 = SignatureAlgorithm("PS256") // RSASSA-PSS using SHA256 and MGF1-SHA256
	PS384 = SignatureAlgorithm("PS384") // RSASSA-PSS using SHA384 and MGF1-SHA384
	PS512 = SignatureAlgorithm("PS512") // RSASSA-PSS using SHA512 and MGF1-SHA512
)

Signature algorithms

Variables

This section is empty.

Functions

This section is empty.

Types

type CustomClaims

type CustomClaims interface {
	Validate(context.Context) error
}

CustomClaims defines any custom data / claims wanted. The Validator will call the Validate function which is where custom validation logic can be defined.

type Option

type Option func(*Validator)

Option is how options for the Validator are set up.

func WithAllowedClockSkew

func WithAllowedClockSkew(skew time.Duration) Option

WithAllowedClockSkew is an option which sets up the allowed clock skew for the token. Note that in order to use this the expected claims Time field MUST not be time.IsZero(). If this option is not used clock skew is not allowed.

func WithCustomClaims

func WithCustomClaims(f func() CustomClaims) Option

WithCustomClaims sets up a function that returns the object CustomClaims that will be unmarshalled into and on which Validate is called on for custom validation. If this option is not used the Validator will do nothing for custom claims.

type RegisteredClaims

type RegisteredClaims struct {
	Issuer    string   `json:"iss,omitempty"`
	Subject   string   `json:"sub,omitempty"`
	Audience  []string `json:"aud,omitempty"`
	Expiry    int64    `json:"exp,omitempty"`
	NotBefore int64    `json:"nbf,omitempty"`
	IssuedAt  int64    `json:"iat,omitempty"`
	ID        string   `json:"jti,omitempty"`
}

RegisteredClaims represents public claim values (as specified in RFC 7519).

type SignatureAlgorithm

type SignatureAlgorithm string

SignatureAlgorithm is a signature algorithm.

type ValidatedClaims

type ValidatedClaims struct {
	CustomClaims     CustomClaims
	RegisteredClaims RegisteredClaims
}

ValidatedClaims is the struct that will be inserted into the context for the user. CustomClaims will be nil unless WithCustomClaims is passed to New.

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

Validator to use with the jose v2 package.

func New

func New(
	keyFunc func(context.Context) (interface{}, error),
	signatureAlgorithm SignatureAlgorithm,
	issuerURL string,
	audience []string,
	opts ...Option,
) (*Validator, error)

New sets up a new Validator with the required keyFunc and signatureAlgorithm as well as custom options.

func (*Validator) ValidateToken

func (v *Validator) ValidateToken(ctx context.Context, tokenString string) (interface{}, error)

ValidateToken validates the passed in JWT using the jose v2 package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL