jwks

package

v16.11.0 Latest Latest Go to latest Published: Nov 11, 2022 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/datarhei/core

Links

Open Source Insights

Documentation ¶

Overview ¶

Package jwks implements a JSON Web Key Set Based on https://github.com/MicahParks/keyfunc without implementing the KeyFunc

Index ¶

Variables
type Config
type ErrorHandler
type JWK
type JWKS
- func NewFromJSON(jwksBytes []byte) (JWKS, error)
- func NewFromURL(jwksURL string, config Config) (JWKS, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (

	// ErrKIDNotFound indicates that the given key ID was not found in the JWKs.
	ErrKIDNotFound = errors.New("the given key ID was not found in the JWKs")

	// ErrMissingAssets indicates there are required assets missing to create a public key.
	ErrMissingAssets = errors.New("required assets are missing to create a public key")

	// ErrUnknownKeyType indicated that a key type is not implemented
	ErrUnknownKeyType = errors.New("the key has an unknown type")
)

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {

	// Client is the HTTP client used to get the JWKs via HTTP.
	Client *http.Client

	// RefreshErrorHandler is a function that consumes errors that happen during a JWKs refresh. This is only effectual
	// if RefreshInterval is not nil.
	RefreshErrorHandler ErrorHandler

	// RefreshInterval is the duration to refresh the JWKs in the background via a new HTTP request. If this is not nil,
	// then a background refresh will be requested in a separate goroutine at this interval until the JWKs method
	// EndBackground is called.
	RefreshInterval time.Duration

	// RefreshRateLimit limits the rate at which refresh requests are granted. Only one refresh request can be queued
	// at a time any refresh requests received while there is already a queue are ignored. It does not make sense to
	// have RefreshInterval's value shorter than this.
	RefreshRateLimit time.Duration

	// RefreshTimeout is the duration for the context used to create the HTTP request for a refresh of the JWKs. This
	// defaults to one minute. This is only effectual if RefreshInterval is not nil.
	RefreshTimeout time.Duration

	// RefreshUnknownKID indicates that the JWKs refresh request will occur every time a kid that isn't cached is seen.
	// Without specifying a RefreshInterval a malicious client could self-sign X JWTs, send them to this service,
	// then cause potentially high network usage proportional to X.
	RefreshUnknownKID bool
}

Options represents the configuration options for a JWKs.

type ErrorHandler ¶

type ErrorHandler func(err error)

ErrorHandler is a function signature that consumes an error.

type JWK ¶

type JWK interface {
	ID() string
	Alg() string
	Type() string
	PublicKey() (crypto.PublicKey, error)
}

type JWKS ¶

type JWKS interface {
	Key(kid string) (jwk JWK, err error)
	Cancel()
}

func NewFromJSON ¶

func NewFromJSON(jwksBytes []byte) (JWKS, error)

New creates a new JWKs from a raw JSON message.

func NewFromURL ¶

func NewFromURL(jwksURL string, config Config) (JWKS, error)

NewFromURL loads the JWKs at the given URL.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL