README
¶
package auth/jwt
package auth/jwt provides a set of interfaces for service authorization
through JSON Web Tokens.
Usage
NewParser takes a key function and an expected signing method and returns an
endpoint.Middleware. The middleware will parse a token passed into the
context via the jwt.JWTTokenContextKey. If the token is valid, any claims
will be added to the context via the jwt.JWTClaimsContextKey.
import (
stdjwt "github.com/dgrijalva/jwt-go"
"github.com/go-kit/kit/auth/jwt"
"github.com/go-kit/kit/endpoint"
)
func main() {
var exampleEndpoint endpoint.Endpoint
{
kf := func(token *stdjwt.Token) (interface{}, error) { return []byte("SigningString"), nil }
exampleEndpoint = MakeExampleEndpoint(service)
exampleEndpoint = jwt.NewParser(kf, stdjwt.SigningMethodHS256)(exampleEndpoint)
}
}
NewSigner takes a JWT key ID header, the signing key, signing method, and a
claims object. It returns an endpoint.Middleware. The middleware will build
the token string and add it to the context via the jwt.JWTTokenContextKey.
import (
stdjwt "github.com/dgrijalva/jwt-go"
"github.com/go-kit/kit/auth/jwt"
"github.com/go-kit/kit/endpoint"
)
func main() {
var exampleEndpoint endpoint.Endpoint
{
exampleEndpoint = grpctransport.NewClient(...).Endpoint()
exampleEndpoint = jwt.NewSigner(
"kid-header",
[]byte("SigningString"),
stdjwt.SigningMethodHS256,
jwt.Claims{},
)(exampleEndpoint)
}
}
In order for the parser and the signer to work, the authorization headers need
to be passed between the request and the context. ToHTTPContext(),
FromHTTPContext(), ToGRPCContext(), and FromGRPCContext() are given as
helpers to do this. These functions implement the correlating transport's
RequestFunc interface and can be passed as ClientBefore or ServerBefore
options.
Example of use in a client:
import (
stdjwt "github.com/dgrijalva/jwt-go"
grpctransport "github.com/go-kit/kit/transport/grpc"
"github.com/go-kit/kit/auth/jwt"
"github.com/go-kit/kit/endpoint"
)
func main() {
options := []httptransport.ClientOption{}
var exampleEndpoint endpoint.Endpoint
{
exampleEndpoint = grpctransport.NewClient(..., grpctransport.ClientBefore(jwt.FromGRPCContext())).Endpoint()
exampleEndpoint = jwt.NewSigner(
"kid-header",
[]byte("SigningString"),
stdjwt.SigningMethodHS256,
jwt.Claims{},
)(exampleEndpoint)
}
}
Example of use in a server:
import (
"context"
"github.com/go-kit/kit/auth/jwt"
"github.com/go-kit/kit/log"
grpctransport "github.com/go-kit/kit/transport/grpc"
)
func MakeGRPCServer(ctx context.Context, endpoints Endpoints, logger log.Logger) pb.ExampleServer {
options := []grpctransport.ServerOption{grpctransport.ServerErrorLogger(logger)}
return &grpcServer{
createUser: grpctransport.NewServer(
ctx,
endpoints.CreateUserEndpoint,
DecodeGRPCCreateUserRequest,
EncodeGRPCCreateUserResponse,
append(options, grpctransport.ServerBefore(jwt.ToGRPCContext()))...,
),
getUser: grpctransport.NewServer(
ctx,
endpoints.GetUserEndpoint,
DecodeGRPCGetUserRequest,
EncodeGRPCGetUserResponse,
options...,
),
}
}
Documentation
¶
Index ¶
- Constants
- Variables
- func FromGRPCContext() grpc.ClientRequestFunc
- func FromHTTPContext() http.RequestFunc
- func NewParser(keyFunc jwt.Keyfunc, method jwt.SigningMethod) endpoint.Middleware
- func NewSigner(kid string, key []byte, method jwt.SigningMethod, claims Claims) endpoint.Middleware
- func ToGRPCContext() grpc.ServerRequestFunc
- func ToHTTPContext() http.RequestFunc
- type Claims
Constants ¶
const ( // JWTTokenContextKey holds the key used to store a JWT Token in the // context. JWTTokenContextKey contextKey = "JWTToken" // JWTClaimsContextKey holds the key used to store the JWT Claims in the // context. JWTClaimsContextKey contextKey = "JWTClaims" )
Variables ¶
var ( // ErrTokenContextMissing denotes a token was not passed into the parsing // middleware's context. ErrTokenContextMissing = errors.New("token up for parsing was not passed through the context") // ErrTokenInvalid denotes a token was not able to be validated. ErrTokenInvalid = errors.New("JWT Token was invalid") // ErrTokenExpired denotes a token's expire header (exp) has since passed. ErrTokenExpired = errors.New("JWT Token is expired") // ErrTokenMalformed denotes a token was not formatted as a JWT token. ErrTokenMalformed = errors.New("JWT Token is malformed") // ErrTokenNotActive denotes a token's not before header (nbf) is in the // future. ErrTokenNotActive = errors.New("token is not valid yet") // ErrUnexpectedSigningMethod denotes a token was signed with an unexpected // signing method. ErrUnexpectedSigningMethod = errors.New("unexpected signing method") )
Functions ¶
func FromGRPCContext ¶ added in v0.3.0
func FromGRPCContext() grpc.ClientRequestFunc
FromGRPCContext moves JWT token from context to grpc metadata. Particularly useful for clients.
func FromHTTPContext ¶ added in v0.3.0
func FromHTTPContext() http.RequestFunc
FromHTTPContext moves JWT token from context to request header. Particularly useful for clients.
func NewParser ¶
func NewParser(keyFunc jwt.Keyfunc, method jwt.SigningMethod) endpoint.Middleware
NewParser creates a new JWT token parsing middleware, specifying a jwt.Keyfunc interface and the signing method. NewParser adds the resulting claims to endpoint context or returns error on invalid token. Particularly useful for servers.
func NewSigner ¶
func NewSigner(kid string, key []byte, method jwt.SigningMethod, claims Claims) endpoint.Middleware
NewSigner creates a new JWT token generating middleware, specifying key ID, signing string, signing method and the claims you would like it to contain. Tokens are signed with a Key ID header (kid) which is useful for determining the key to use for parsing. Particularly useful for clients.
func ToGRPCContext ¶ added in v0.3.0
func ToGRPCContext() grpc.ServerRequestFunc
ToGRPCContext moves JWT token from grpc metadata to context. Particularly userful for servers.
func ToHTTPContext ¶ added in v0.3.0
func ToHTTPContext() http.RequestFunc
ToHTTPContext moves JWT token from request header to context. Particularly useful for servers.
Source Files