jwt

package
v0.1.6-rc0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 21, 2021 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	AudienceMonoctl               = "monoctl"
	AudienceK8sAuth               = "k8sauth"
	AudienceM8Operator            = "m8operator"
	ClusterBootstrapTokenValidity = 10 * time.Minute
)
View Source 
const (
	SignatureAlgorithm = jose.RS256
)

Variables

This section is empty.

Functions

func LoadPrivateKey 

func LoadPrivateKey(data []byte) (*jose.JSONWebKey, error)

LoadPrivateKey loads a private key from PEM/DER/JWK-encoded data.

func LoadPublicKey 

func LoadPublicKey(data []byte) (*jose.JSONWebKey, error)

LoadPublicKey loads a public key from PEM/DER/JWK-encoded data.

Types

type AuthToken 

type AuthToken struct {
	*jwt.Claims
	*StandardClaims
	*ClusterClaim
}

func NewAuthToken 

func NewAuthToken(claims *StandardClaims, issuer, userId string, validity time.Duration) *AuthToken

func NewClusterBootstrapToken 

func NewClusterBootstrapToken(claims *StandardClaims, issuer, userId string) *AuthToken

func NewKubernetesAuthToken 

func NewKubernetesAuthToken(claims *StandardClaims, clusterClaim *ClusterClaim, issuer, userId string, validity time.Duration) *AuthToken

func (*AuthToken) Validate 

func (t *AuthToken) Validate(issuer string, expectedAudience ...string) error

IsValid returns if the token is not used too early or is expired

type ClusterClaim 

type ClusterClaim struct {
	ClusterId       string `json:"cluster_id,omitempty"`       // Id of the cluster.
	ClusterName     string `json:"cluster_name,omitempty"`     // Name of the cluster.
	ClusterUserName string `json:"cluster_username,omitempty"` // Name of the user in the cluster.
	ClusterRole     string `json:"cluster_role,omitempty"`     // Role the user has in the cluster.
}

type JWTSigner 

type JWTSigner interface {
	// GenerateSignedToken generates a signed JWT containing the given claims
	GenerateSignedToken(interface{}) (string, error)
}

JWTSigner is an interface for JWT signers

func NewSigner 

func NewSigner(privateKeyFilename string) JWTSigner

NewSigner creates a thin wrapper around Square's go-jose library to issue JWT.

type JWTVerifier 

type JWTVerifier interface {
	Verify(string, interface{}) error
	JWKS() *jose.JSONWebKeySet
	KeyExpiration() time.Duration
	Close() error
}

JWTVerifier verifies a JWT and parses claims

func NewVerifier 

func NewVerifier(publicKeyFilename string, keyExpiration time.Duration) (JWTVerifier, error)

NewVerifier creates a new verifier for raw JWT

type StandardClaims 

type StandardClaims struct {
	Name            string            `json:"name,omitempty"`           // User’s display name.
	Email           string            `json:"email,omitempty"`          // The email of the user.
	EmailVerified   bool              `json:"email_verified,omitempty"` // If the upstream provider has verified the email.
	Groups          []string          `json:"groups,omitempty"`         // A list of strings representing the groups a user is a member of.
	FederatedClaims map[string]string `json:"federated_claims,omitempty"`
}

type TestEnv 

type TestEnv struct {
	*test.TestEnv
	// contains filtered or unexported fields
}

func NewTestEnv 

func NewTestEnv(testEnv *test.TestEnv) (*TestEnv, error)

func (*TestEnv) CreateSigner 

func (env *TestEnv) CreateSigner() JWTSigner

func (*TestEnv) CreateVerifier 

func (env *TestEnv) CreateVerifier(keyExpiration time.Duration) (JWTVerifier, error)

func (*TestEnv) RotateCertificate 

func (env *TestEnv) RotateCertificate() error

func (*TestEnv) Shutdown 

func (env *TestEnv) Shutdown() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.