Documentation ¶
Index ¶
- Constants
- Variables
- func ForRequest(p Signer, r *http.Request, extraClaims any) (string, error)
- func GenerateKey(label string) (*jose.JSONWebKey, error)
- func GetCnfClaim(claims map[string]any) (string, error)
- func LoadKey(path string) (*jose.JSONWebKey, string, error)
- func SaveKey(folder string, k *jose.JSONWebKey) (string, error)
- func SetCnfClaim(claims map[string]any, thumprint string)
- func Thumbprint(k *jose.JSONWebKey) (string, error)
- type Result
- type Signer
- type TokenInfo
- type VerifyConfig
Constants ¶
const (
	// HTTPHeader header name for DPoP
	HTTPHeader = "DPoP"
	// ContentType value
	ContentType = "application/dpop+jwt"
)
const (
	// DefaultExpiration for the proof
	DefaultExpiration = time.Minute * 10
	// DefaultNotBefore offset for NotBefore
	DefaultNotBefore = -10 * time.Minute
)
const (
	// CnfThumbprint is the claim name for JKT thumbprint
	CnfThumbprint = "jkt"
)
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-04
Variables ¶
var TimeNowFn = time.Now
TimeNowFn to override in unit tests
Functions ¶
func ForRequest ¶ added in v0.6.0
func GenerateKey ¶ added in v0.2.0
func GenerateKey(label string) (*jose.JSONWebKey, error)
GenerateKey returns JSONWebKey to sign JWT
func GetCnfClaim ¶ added in v0.2.0
GetCnfClaim gets DPoP `cnf` claim
func LoadKey ¶ added in v0.2.0
func LoadKey(path string) (*jose.JSONWebKey, string, error)
LoadKey returns *jose.JSONWebKey
func SaveKey ¶ added in v0.2.0
func SaveKey(folder string, k *jose.JSONWebKey) (string, error)
SaveKey saves the key to storage
func SetCnfClaim ¶ added in v0.2.0
SetCnfClaim sets DPoP `cnf` claim
func Thumbprint ¶ added in v0.2.0
func Thumbprint(k *jose.JSONWebKey) (string, error)
Thumbprint returns key thumbprint
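The `cnf`/`jkt` binding that GetCnfClaim, SetCnfClaim and Thumbprint deal with, sketched with the standard library only. This is an added example, not this package's code: `newKey`, `jwkThumbprint` and `checkBinding` are hypothetical helpers, and the thumbprint is assumed to be the RFC 7638 SHA-256 JWK thumbprint of a P-256 key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// newKey returns a freshly generated P-256 public key (constructed sample input).
func newKey() *ecdsa.PublicKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &k.PublicKey
}

// jwkThumbprint computes the RFC 7638 SHA-256 thumbprint of a P-256 public key.
func jwkThumbprint(pub *ecdsa.PublicKey) string {
	x := base64.RawURLEncoding.EncodeToString(pub.X.FillBytes(make([]byte, 32)))
	y := base64.RawURLEncoding.EncodeToString(pub.Y.FillBytes(make([]byte, 32)))
	// RFC 7638: required members only, lexicographic order, no whitespace.
	canon := fmt.Sprintf(`{"crv":"P-256","kty":"EC","x":"%s","y":"%s"}`, x, y)
	sum := sha256.Sum256([]byte(canon))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// checkBinding fails closed unless claims["cnf"]["jkt"] names the DPoP proof key.
func checkBinding(claims map[string]any, proofKey *ecdsa.PublicKey) error {
	cnf, _ := claims["cnf"].(map[string]any) // nil map if absent or wrong type
	jkt, _ := cnf["jkt"].(string)
	if jkt == "" {
		return errors.New("cnf.jkt claim missing or malformed")
	}
	if subtle.ConstantTimeCompare([]byte(jkt), []byte(jwkThumbprint(proofKey))) != 1 {
		return errors.New("DPoP proof key does not match cnf.jkt")
	}
	return nil
}

func main() {
	key, other := newKey(), newKey()
	claims := map[string]any{"cnf": map[string]any{"jkt": jwkThumbprint(key)}}
	fmt.Println(checkBinding(claims, key), checkBinding(claims, other))
}
```

A resource server runs this check after validating the proof's signature, so a stolen access token presented with a proof signed by a different key is rejected.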
Types ¶
type Result ¶
Result is returned from VerifyClaims
func VerifyClaims ¶
func VerifyClaims(cfg VerifyConfig, phdr, httpMethod, httpURI string) (*Result, error)
VerifyClaims returns DPoP claims, raw claims, key; or error
func VerifyRequestClaims ¶ added in v0.6.0
func VerifyRequestClaims(cfg VerifyConfig, req *http.Request) (*Result, error)
VerifyRequestClaims returns DPoP claims, raw claims, key; or error
type Signer ¶
type Signer interface {
	// Sign returns DPoP token
	Sign(ctx context.Context, method string, u *url.URL, extraClaims any) (string, error)
	// JWKThumbprint returns base64 hash of the key
	JWKThumbprint() string
}
Signer specifies an interface to sign HTTP requests with DPoP
type TokenInfo ¶ added in v0.2.0
type TokenInfo struct {
	Token       *jwt.JSONWebToken
	Claims      jwtgo.Claims
	Key         *jose.JSONWebKey
	Thumbprint  string
	CnfJkt      string
	IsPublicKey bool
	IsFresh     bool
}
TokenInfo is returned from GetTokenInfo
func GetTokenInfo ¶ added in v0.2.0
GetTokenInfo returns token info, if it's JWT or nil otherwise
type VerifyConfig ¶
type VerifyConfig struct {
	// ExpectedIssuer validates the iss claim of a JWT matches this value
	ExpectedIssuer string
	// ExpectedSubject validates the sub claim of a JWT matches this value
	ExpectedSubject string
	// ExpectedAudience validates that the aud claim of a JWT contains this value
	ExpectedAudience string
	// ExpectedNonce validates that the nonce claim of a JWT contains this value
	ExpectedNonce string
	// EnableQuery specifies to get `dpop` header from the QueryString
	EnableQuery bool
}
VerifyConfig expresses the possible options for validating a JWT