jwt

package

v0.0.35 Latest Latest Go to latest Published: Mar 10, 2024 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cultureamp/ca-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Example ¶

package main

import (
	"fmt"
	"os"
	"path/filepath"
	"time"

	"github.com/cultureamp/ca-go/jwt"
)

const (
	webGatewayKid = "web-gateway"
)

func main() {
	claims := &jwt.StandardClaims{
		AccountId:       "abc123",
		RealUserId:      "xyz234",
		EffectiveUserId: "xyz345",
		ExpiresAt:       time.Unix(2211797532, 0), //  2/2/2040
		IssuedAt:        time.Unix(1580608922, 0), // 1/1/2020
		NotBefore:       time.Unix(1580608922, 0), // 1/1/2020
	}

	// Encode this claim with the default "web-gateway" key and add the kid to the token header
	token, err := jwt.Encode(claims)
	fmt.Printf("The encoded token is '%s' (err='%v')\n", token, err)

	// Decode it back again using the key that matches the kid header using the default JWKS JSON keys
	claim, err := jwt.Decode(token)
	fmt.Printf("The decoded token is '%s %s %s %s' (err='%+v')\n", claim.AccountId, claim.RealUserId, claim.EffectiveUserId, claim.ExpiresAt.UTC().Format(time.RFC3339), err)

	// To create a specific instance of the encoder and decoder you can use the following
	privateKeyBytes, err := os.ReadFile(filepath.Clean("./testKeys/jwt-rsa256-test-webgateway.key"))
	encoder, err := jwt.NewJwtEncoder(string(privateKeyBytes), webGatewayKid)

	token, err = encoder.Encode(claims)
	fmt.Printf("The encoded token is '%s' (err='%v')\n", token, err)

	b, err := os.ReadFile(filepath.Clean("./testKeys/development.jwks"))
	decoder, err := jwt.NewJwtDecoderWithDefaultKid(string(b), webGatewayKid)

	claim, err = decoder.Decode(token)
	fmt.Printf("The decoded token is '%s %s %s %s' (err='%+v')\n", claim.AccountId, claim.RealUserId, claim.EffectiveUserId, claim.ExpiresAt.UTC().Format(time.RFC3339), err)

}

Output:

The encoded token is 'eyJhbGciOiJSUzI1NiIsImtpZCI6IndlYi1nYXRld2F5IiwidHlwIjoiSldUIn0.eyJhY2NvdW50SWQiOiJhYmMxMjMiLCJlZmZlY3RpdmVVc2VySWQiOiJ4eXozNDUiLCJyZWFsVXNlcklkIjoieHl6MjM0IiwiaXNzIjoiY2EtZ28vand0Iiwic3ViIjoic3RhbmRhcmQiLCJleHAiOjIyMTE3OTc1MzIsIm5iZiI6MTU4MDYwODkyMiwiaWF0IjoxNTgwNjA4OTIyfQ.IYPu_PGUO7lpy_wTSObA4S-n9HQUwPf2kTG2AzvSFUwfz994SHZOazYL7CyiRqqhIndIt5R4CQ3cXY7_Lok_wgBQ-U4FAciJw0Fx9tawJIEqwVeL10P4w0h5OIU21E7jeNmlcLOO57QN-ip7hc_--zyAFVKV5qjlbemuHWWpeUGu62SsdHr4J33O6hR8ubTyfXVF7wxKhNM4hCdM7PNanP9OOyAgEWxhwutURiA1nJsATwDf6QKNceGpqkb5A31PvFdfPHoktY4u6e4feBt2KjYJ1xy9opDlllFOEIwTw4nuksQk4q3437bGtfoQkC_CTGO83YTX5GHs70rxu_AubBxCazqSxqMwagiekkpgKZd6d0g7u5F5K8QImRJsore3oHNDAuVg7pbZmH9sApFN_bJhonOkECoPeeF5oYLSLHOXjN7CakvAsmCW01_ENPVXXO2E1yObzwmsY28_Ox5r_jC6XugGdXVfco6l1Oqbxb0ogG6BbOngYEZwVMbEO5qsBnUtBfr0nNUjFKIYCYXdpoeT_bxlt8GI4H2cMAb6FGa_XIEd60fJGazgAk9axA61xHEnqxgUyZv5PEL908zPBRvcNGpQuMsDpGOXTOQ_fgJO1IRBx4VwWcobzKbOyRNarTNwQZH0OY13HMMnFoiPjk8U0fWkJdj1ujobTQYYtz0' (err='<nil>')
The decoded token is 'abc123 xyz234 xyz345 2040-02-02T12:12:12Z' (err='<nil>')
The encoded token is 'eyJhbGciOiJSUzI1NiIsImtpZCI6IndlYi1nYXRld2F5IiwidHlwIjoiSldUIn0.eyJhY2NvdW50SWQiOiJhYmMxMjMiLCJlZmZlY3RpdmVVc2VySWQiOiJ4eXozNDUiLCJyZWFsVXNlcklkIjoieHl6MjM0IiwiaXNzIjoiY2EtZ28vand0Iiwic3ViIjoic3RhbmRhcmQiLCJleHAiOjIyMTE3OTc1MzIsIm5iZiI6MTU4MDYwODkyMiwiaWF0IjoxNTgwNjA4OTIyfQ.IYPu_PGUO7lpy_wTSObA4S-n9HQUwPf2kTG2AzvSFUwfz994SHZOazYL7CyiRqqhIndIt5R4CQ3cXY7_Lok_wgBQ-U4FAciJw0Fx9tawJIEqwVeL10P4w0h5OIU21E7jeNmlcLOO57QN-ip7hc_--zyAFVKV5qjlbemuHWWpeUGu62SsdHr4J33O6hR8ubTyfXVF7wxKhNM4hCdM7PNanP9OOyAgEWxhwutURiA1nJsATwDf6QKNceGpqkb5A31PvFdfPHoktY4u6e4feBt2KjYJ1xy9opDlllFOEIwTw4nuksQk4q3437bGtfoQkC_CTGO83YTX5GHs70rxu_AubBxCazqSxqMwagiekkpgKZd6d0g7u5F5K8QImRJsore3oHNDAuVg7pbZmH9sApFN_bJhonOkECoPeeF5oYLSLHOXjN7CakvAsmCW01_ENPVXXO2E1yObzwmsY28_Ox5r_jC6XugGdXVfco6l1Oqbxb0ogG6BbOngYEZwVMbEO5qsBnUtBfr0nNUjFKIYCYXdpoeT_bxlt8GI4H2cMAb6FGa_XIEd60fJGazgAk9axA61xHEnqxgUyZv5PEL908zPBRvcNGpQuMsDpGOXTOQ_fgJO1IRBx4VwWcobzKbOyRNarTNwQZH0OY13HMMnFoiPjk8U0fWkJdj1ujobTQYYtz0' (err='<nil>')
The decoded token is 'abc123 xyz234 xyz345 2040-02-02T12:12:12Z' (err='<nil>')

Index ¶

Variables
func Encode(claims *StandardClaims) (string, error)
type JwtDecoder
- func NewJwtDecoder(jwkKeys string) (*JwtDecoder, error)
- func NewJwtDecoderWithDefaultKid(jwkKeys string, defaultKid string) (*JwtDecoder, error)
- func (d *JwtDecoder) Decode(tokenString string) (*StandardClaims, error)
type JwtEncoder
- func NewJwtEncoder(privateKey string, kid string) (*JwtEncoder, error)
- func (e *JwtEncoder) Encode(claims *StandardClaims) (string, error)
type StandardClaims
- func Decode(tokenString string) (*StandardClaims, error)

Examples ¶

Package

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	DefaultJwtDecoder *JwtDecoder = getDecoderInstance()
	DefaultJwtEncoder *JwtEncoder = getEncoderInstance()
)

Functions ¶

func Encode ¶

func Encode(claims *StandardClaims) (string, error)

Encode the Standard Culture Amp Claims in a jwt token string.

Types ¶

type JwtDecoder ¶

type JwtDecoder struct {
	// contains filtered or unexported fields
}

JwtDecoder can decode a jwt token string.

func NewJwtDecoder ¶

func NewJwtDecoder(jwkKeys string) (*JwtDecoder, error)

NewJwtDecoder creates a new JwtDecoder with the default "web-gateway" kid key.

func NewJwtDecoderWithDefaultKid ¶

func NewJwtDecoderWithDefaultKid(jwkKeys string, defaultKid string) (*JwtDecoder, error)

NewJwtDecoder creates a new JwtDecoder with a specified default kid key.

func (*JwtDecoder) Decode ¶

func (d *JwtDecoder) Decode(tokenString string) (*StandardClaims, error)

Decode a jwt token string and return the Standard Culture Amp Claims.

type JwtEncoder ¶

type JwtEncoder struct {
	// contains filtered or unexported fields
}

JwtEncoder can encode a claim to a jwt token string.

func NewJwtEncoder ¶

func NewJwtEncoder(privateKey string, kid string) (*JwtEncoder, error)

NewJwtEncoder creates a new JwtEncoder.

func (*JwtEncoder) Encode ¶

func (e *JwtEncoder) Encode(claims *StandardClaims) (string, error)

Encode the Standard Culture Amp Claims in a jwt token string.

type StandardClaims ¶

type StandardClaims struct {
	AccountId       string // uuid
	RealUserId      string // uuid
	EffectiveUserId string // uuid

	// the `exp` (Expiration Time) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4
	ExpiresAt time.Time // default on Encode is +1 hour from now
	// the `iat` (Issued At) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6
	IssuedAt time.Time // default on Encode is "now"
	// the `nbf` (Not Before) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5
	NotBefore time.Time // default on Encode is "now"
	// the `iss` (Issuer) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1
	Issuer string // default on Encode is "ca-jwt-go"
	// the `sub` (Subject) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2
	Subject string // default on Encode is "standard"
}

StandardClaims represent the standard Culture Amp JWT claims.

func Decode ¶

func Decode(tokenString string) (*StandardClaims, error)

Decode a jwt token string and return the Standard Culture Amp Claims.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL