token

package
v0.10.0

This package is not in the latest version of its module.

Published: Apr 30, 2019 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Constants

const (
	// DefaultIssuer when generating tokens.
	DefaultIssuer = "step-cli"
	// DefaultAudience when generating tokens.
	DefaultAudience = "https://ca/sign"
	// MinValidity is the minimum token validity duration.
	MinValidity = 10 * time.Second
	// MaxValidity is the maximum token validity duration.
	MaxValidity = 1 * time.Hour
	// DefaultValidity token validity duration.
	DefaultValidity = 5 * time.Minute
	// MaxValidityDelay allowable delay between Now and beginning of token validity period.
	MaxValidityDelay = 30 * time.Minute
)
const RootSHAClaim = "sha"

RootSHAClaim is the property name for a JWT claim that stores the SHA256 of a root certificate.

const SANSClaim = "sans"

SANSClaim is the property name for a JWT claim that stores the list of required subject alternative names.

Variables

This section is empty.

Functions

func GenerateKeyID

func GenerateKeyID(priv interface{}) (string, error)

GenerateKeyID returns the SHA256 of a public key.

Types

type Claims

type Claims struct {
	jose.Claims
	ExtraClaims  map[string]interface{}
	ExtraHeaders map[string]interface{}
}

Claims represents the claims that a token might have.

func DefaultClaims

func DefaultClaims() *Claims

DefaultClaims returns the default claims of any token.

func NewClaims

func NewClaims(opts ...Options) (*Claims, error)

NewClaims returns the default claims with the given options added.

func (*Claims) Set

func (c *Claims) Set(key string, value interface{})

Set adds the given key and value to the map of extra claims.

func (*Claims) SetHeader

func (c *Claims) SetHeader(key string, value interface{})

SetHeader adds the given key and value to the map of extra headers.

func (*Claims) Sign

func (c *Claims) Sign(alg jose.SignatureAlgorithm, key interface{}) (string, error)

Sign creates a JWT with the claims and signs it with the given key.

type Options

type Options func(c *Claims) error

Options is a function that sets claims.

func WithAudience

func WithAudience(s string) Options

WithAudience returns an Options function that sets the audience to use in the token claims. If WithAudience is not used, the default audience will be used.

func WithClaim

func WithClaim(name string, value interface{}) Options

WithClaim is an Options function that adds a custom claim to the JWT.

func WithIssuer

func WithIssuer(s string) Options

WithIssuer returns an Options function that sets the issuer to use in the token claims. If WithIssuer is not used, the default issuer will be used.

func WithJWTID

func WithJWTID(s string) Options

WithJWTID returns an Options function that sets the jwtID to use in the token claims. If WithJWTID is not used, a random identifier will be used.

func WithKid

func WithKid(s string) Options

WithKid returns an Options function that sets the kid header claim. If WithKid is not used, a thumbprint using SHA256 will be used.

func WithRootCA

func WithRootCA(path string) Options

WithRootCA returns an Options function that calculates the SHA256 of the given root certificate to be used in the token claims. If this method is not used, the default root certificate in the $STEPPATH secrets directory will be used.

func WithSANS

func WithSANS(sans []string) Options

WithSANS returns an Options function that sets the list of required SANs in the token claims.

func WithSubject

func WithSubject(s string) Options

WithSubject returns an Options function that sets the subject to use in the token claims.

func WithValidity

func WithValidity(notBefore, expiration time.Time) Options

WithValidity validates boundary inputs and sets the 'nbf' (NotBefore) and 'exp' (expiration) options.
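
The following is an added example, not the package's own code: a sketch of the boundary checks WithValidity describes, assuming the requested window is compared against MinValidity, MaxValidity and MaxValidityDelay from the Constants section. CheckValidity and the error names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Bounds copied from this package's Constants section.
const (
	MinValidity      = 10 * time.Second
	MaxValidity      = 1 * time.Hour
	MaxValidityDelay = 30 * time.Minute
)

// Sentinel errors (hypothetical names, not part of the package).
var (
	ErrInverted = errors.New("exp is before nbf")
	ErrDelay    = errors.New("nbf is further ahead than MaxValidityDelay")
	ErrTooShort = errors.New("validity is shorter than MinValidity")
	ErrTooLong  = errors.New("validity is longer than MaxValidity")
)

// CheckValidity (hypothetical helper) applies the assumed boundary rules to a
// requested nbf/exp pair, relative to a caller-supplied current time.
func CheckValidity(now, notBefore, expiration time.Time) error {
	if expiration.Before(notBefore) {
		return ErrInverted
	}
	// A token may start in the future, but only by a bounded delay.
	if notBefore.Sub(now) > MaxValidityDelay {
		return ErrDelay
	}
	// The lifetime itself must stay inside [MinValidity, MaxValidity].
	switch validity := expiration.Sub(notBefore); {
	case validity < MinValidity:
		return ErrTooShort
	case validity > MaxValidity:
		return ErrTooLong
	}
	return nil
}

func main() {
	now := time.Date(2019, 4, 30, 12, 0, 0, 0, time.UTC) // constructed sample time
	fmt.Println(CheckValidity(now, now, now.Add(5*time.Minute))) // DefaultValidity window
	fmt.Println(CheckValidity(now, now, now.Add(24*time.Hour)))  // long-lived token request
	fmt.Println(CheckValidity(now, now.Add(2*time.Hour), now.Add(2*time.Hour+time.Minute)))
}
```

Passing the current time in as a parameter keeps the check deterministic in tests; a verifier that accepts these tokens can apply the same bounds so that a long-lived or far-future token is rejected on both sides.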

type Token

type Token interface {
	SignedString(sigAlg string, priv interface{}) (string, error)
}

Token interface which all token types should attempt to implement.
