jwkkeys

package
v0.0.0-...-c38336e Latest
Warning

This package is not in the latest version of its module.

Published: Oct 8, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package jwkkeys verifies JWTs using keys published at known URLs. This is mostly intended as an internal package, but might be useful to others.


Constants

This section is empty.

Variables

var ErrKeyNotFound = errors.New("key not found")

ErrKeyNotFound is the error returned by KeySet.Get when the key ID is not found.

var GoogleIssuers = []string{"accounts.google.com", "https://accounts.google.com"}

GoogleIssuers contains the value of the iss field in Google ID tokens. When using Google Sign-In via the JavaScript API, it seems to use accounts.google.com, but when using a service account, it uses https://accounts.google.com. See: https://developers.google.com/identity/protocols/oauth2/openid-connect#validatinganidtoken

Functions

This section is empty.

Types

type CachedSet

type CachedSet struct {
	// contains filtered or unexported fields
}

CachedSet fetches and parses keys from a URL, caching them for as long as permitted. It is safe to be used by multiple Goroutines since all accesses are locked.

func New

func New(url string) *CachedSet

New returns a new CachedSet that stores keys loaded from url.

func NewGoogle

func NewGoogle() *CachedSet

NewGoogle returns a new CachedSet that loads Google's OAuth public keys.

func (*CachedSet) Get

func (c *CachedSet) Get(keyID string) (*jose.JSONWebKey, error)

Get returns the key matching keyID, or ErrKeyNotFound if it could not be found.

type GoogleExtraClaims

type GoogleExtraClaims struct {
	// https://developers.google.com/identity/protocols/OpenIDConnect#hd-param
	HostedDomain string `json:"hd,omitempty"`
	Email        string `json:"email,omitempty"`
}

GoogleExtraClaims stores the JSON for Google Sign-In's extra claims that are not included in the basic OpenID claims.

type Set

type Set interface {
	// Get returns the key matching keyID, or an error indicating what happened. Must return
	// ErrKeyNotFound if the key does not exist.
	Get(keyID string) (*jose.JSONWebKey, error)
}

Set retrieves keys in JWK format to validate tokens.

type ValidatedGoogleToken

type ValidatedGoogleToken struct {
	// The raw token that was validated.
	IDToken string
	// The standard JWT claims.
	StandardClaims jwt.Claims
	// The parsed Google-specific JWT claims.
	GoogleClaims GoogleExtraClaims
}

ValidatedGoogleToken stores a parsed and validated Google ID token.

func ValidateGoogleClaims

func ValidateGoogleClaims(
	keys Set, serializedJWT string, audience string, issuers []string,
) (*ValidatedGoogleToken, error)

ValidateGoogleClaims parses the JWT, verifies its signature and claims, then returns the Google-specific claims and the expiration time.
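A token that passes signature, audience and issuer checks can still belong to any Google account, so a service restricted to one organization also has to check the hd claim carried in GoogleExtraClaims. The following is an added example, not code from this package: the struct is a local copy of the one documented above, RequireHostedDomain, ErrWrongDomain and decodeClaims are hypothetical names, and the payloads are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// GoogleExtraClaims is a local copy of the struct documented on this page.
type GoogleExtraClaims struct {
	HostedDomain string `json:"hd,omitempty"`
	Email        string `json:"email,omitempty"`
}

// ErrWrongDomain is a hypothetical error for this example.
var ErrWrongDomain = errors.New("token is not from the required hosted domain")

// RequireHostedDomain (hypothetical helper) authorizes on the hd claim only; an
// email address at a domain does not show the account is managed by it.
func RequireHostedDomain(c GoogleExtraClaims, domain string) error {
	if domain == "" {
		return errors.New("required domain must not be empty")
	}
	// A missing hd claim unmarshals to "" and is rejected by the exact match.
	if c.HostedDomain != domain {
		return fmt.Errorf("%w: hd=%q", ErrWrongDomain, c.HostedDomain)
	}
	return nil
}

// decodeClaims parses a JWT payload's JSON into the extra claims.
func decodeClaims(payload string) (GoogleExtraClaims, error) {
	var c GoogleExtraClaims
	err := json.Unmarshal([]byte(payload), &c)
	return c, err
}

func main() {
	// Constructed payloads, not real tokens.
	for _, p := range []string{
		`{"hd":"example.com","email":"alice@example.com"}`,
		`{"email":"bob@example.com"}`,
		`{"hd":"other.example","email":"carol@example.com"}`,
	} {
		c, _ := decodeClaims(p)
		fmt.Printf("%-20s -> %v\n", c.Email, RequireHostedDomain(c, "example.com"))
	}
}
```

In real use the check would run on the GoogleClaims field of the *ValidatedGoogleToken returned by ValidateGoogleClaims, after that call has succeeded.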
