jwt

package
v0.2.0-rc8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 7, 2021 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Audience identifiers and the cluster bootstrap token lifetime exported by
// this package.
// NOTE(review): the Audience* strings are presumably the `aud` values that
// AuthToken.Validate compares against its expectedAudience arguments; the
// implementation is not shown here, so confirm. A service should pass only the
// audience it actually represents so a token minted for one component is not
// accepted by another.
const (
	AudienceMonoctl               = "monoctl"
	AudienceK8sAuth               = "k8sauth"
	AudienceM8Operator            = "m8operator"
	// Ten-minute lifetime. Presumably applied by NewClusterBootstrapToken, which
	// takes no validity argument of its own; confirm against the implementation.
	ClusterBootstrapTokenValidity = 10 * time.Minute
)
// SignatureAlgorithm is the JWS signature algorithm exported by this package:
// RS256, i.e. RSASSA-PKCS1-v1_5 with SHA-256.
// NOTE(review): a verifier should accept only this algorithm and never the one
// named in an incoming token's header. Whether the verifier returned by
// NewVerifier pins it is not visible here; confirm.
const (
	SignatureAlgorithm = jose.RS256
)

Variables

This section is empty.

Functions

func LoadPrivateKey

func LoadPrivateKey(data []byte) (*jose.JSONWebKey, error)

LoadPrivateKey loads a private key from PEM/DER/JWK-encoded data.

func LoadPublicKey

func LoadPublicKey(data []byte) (*jose.JSONWebKey, error)

LoadPublicKey loads a public key from PEM/DER/JWK-encoded data.

Types

type AuthToken

// AuthToken is the claim set of a token issued by this package. It embeds
// three claim groups as pointers, so their fields are promoted onto AuthToken.
//
// Each embedded pointer can be nil. Reading a promoted field through a nil
// embedded pointer panics, so code that handles tokens decoded from untrusted
// input should check the pointer before touching its fields.
type AuthToken struct {
	// Claims from the imported jwt package.
	// NOTE(review): presumably go-jose's registered claims (iss, sub, aud, exp,
	// nbf, iat); confirm against the import block.
	*jwt.Claims
	// User identity claims defined by this package.
	*StandardClaims
	// Cluster-scoped claims.
	// NOTE(review): presumably populated only by NewKubernetesAuthToken and nil
	// for other token kinds; confirm.
	*ClusterClaim
}

func NewAuthToken

func NewAuthToken(claims *StandardClaims, issuer, userId string, validity time.Duration) *AuthToken

func NewClusterBootstrapToken

func NewClusterBootstrapToken(claims *StandardClaims, issuer, userId string) *AuthToken

func NewKubernetesAuthToken

func NewKubernetesAuthToken(claims *StandardClaims, clusterClaim *ClusterClaim, issuer, userId string, validity time.Duration) *AuthToken

func (*AuthToken) Validate

func (t *AuthToken) Validate(issuer string, expectedAudience ...string) error

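Validate (the upstream comment still calls it IsValid) checks that the token is not used too early and is not expired, and reports the result as an error value. The signature also takes an issuer and the expected audiences, but the comment does not say how they are checked.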

type ClusterClaim

// ClusterClaim holds the cluster-scoped claims of a token: the cluster it
// refers to, and the user name and role within that cluster.
//
// Every field is tagged omitempty, so an empty value is left out of the
// encoded token and decodes back to the empty string.
// NOTE(review): ClusterUserName and ClusterRole look authorization-relevant.
// Consumers should act on them only after the token's signature, issuer and
// audience have been verified, and should treat an empty role as "no role"
// rather than falling back to a default. Confirm against the consumers.
type ClusterClaim struct {
	ClusterId       string `json:"cluster_id,omitempty"`       // Id of the cluster.
	ClusterName     string `json:"cluster_name,omitempty"`     // Name of the cluster.
	ClusterUserName string `json:"cluster_username,omitempty"` // Name of the user in the cluster.
	ClusterRole     string `json:"cluster_role,omitempty"`     // Role the user has in the cluster.
}

type JWTSigner

// JWTSigner is an interface for JWT signers.
type JWTSigner interface {
	// GenerateSignedToken generates a signed JWT containing the given claims
	// and returns it as a string, or an error.
	// NOTE(review): the parameter is an untyped interface{}, so the compiler
	// does not restrict what gets signed. Presumably callers pass an
	// *AuthToken; confirm.
	GenerateSignedToken(interface{}) (string, error)
}

JWTSigner is an interface for JWT signers

func NewSigner

func NewSigner(privateKeyFilename string) JWTSigner

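NewSigner creates a thin wrapper around Square's go-jose library to issue JWTs. It takes the private key's filename but returns no error, so how a failure to load the key is reported is not visible from the signature.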

type JWTVerifier

// JWTVerifier verifies a JWT and parses claims.
type JWTVerifier interface {
	// Verify takes a string and an untyped destination and returns an error.
	// NOTE(review): presumably the string is the raw serialized token and the
	// second argument is a pointer that receives the claims once the signature
	// checks out; confirm. Claim checks (issuer, audience, validity window)
	// appear to be a separate step via AuthToken.Validate, so callers need
	// both; confirm.
	Verify(string, interface{}) error
	// JWKS returns a JSON Web Key Set.
	// NOTE(review): presumably the public verification keys intended for
	// publication; confirm that it can never contain private key material.
	JWKS() *jose.JSONWebKeySet
	// KeyExpiration returns a duration.
	// NOTE(review): presumably the keyExpiration value given to NewVerifier;
	// confirm.
	KeyExpiration() time.Duration
	// Close returns an error; what it releases is not visible here.
	Close() error
}

JWTVerifier verifies a JWT and parses claims

func NewVerifier

func NewVerifier(publicKeyFilename string, keyExpiration time.Duration) (JWTVerifier, error)

NewVerifier creates a new verifier for raw JWT

type StandardClaims

// StandardClaims carries the user identity claims placed in a token: display
// name, email, email verification status, group membership and federated
// claims.
//
// Every field is tagged omitempty. For EmailVerified this means a false value
// is left out of the encoded token and an absent claim decodes as false, so
// "unverified" and "not stated" are indistinguishable to a consumer.
// NOTE(review): Groups looks authorization-relevant; consumers should rely on
// it only after the token has been verified. Confirm against the consumers.
type StandardClaims struct {
	Name            string            `json:"name,omitempty"`           // User’s display name.
	Email           string            `json:"email,omitempty"`          // The email of the user.
	EmailVerified   bool              `json:"email_verified,omitempty"` // If the upstream provider has verified the email.
	Groups          []string          `json:"groups,omitempty"`         // A list of strings representing the groups a user is a member of.
	// NOTE(review): undocumented upstream. Presumably claims passed through from
	// the upstream identity provider; confirm which keys are set and by whom.
	FederatedClaims map[string]string `json:"federated_claims,omitempty"`
}

type TestEnv

// TestEnv embeds *test.TestEnv and adds helpers for this package: the methods
// declared on it are CreateSigner, CreateVerifier, RotateCertificate and
// Shutdown.
// NOTE(review): the type is exported from the jwt package itself, so it is
// part of the public API. It is presumably meant for tests only and should not
// be used to create signers or keys in production code; confirm.
type TestEnv struct {
	*test.TestEnv
	// contains filtered or unexported fields
}

func NewTestEnv

func NewTestEnv(testEnv *test.TestEnv) (*TestEnv, error)

func (*TestEnv) CreateSigner

func (env *TestEnv) CreateSigner() JWTSigner

func (*TestEnv) CreateVerifier

func (env *TestEnv) CreateVerifier(keyExpiration time.Duration) (JWTVerifier, error)

func (*TestEnv) RotateCertificate

func (env *TestEnv) RotateCertificate() error

func (*TestEnv) Shutdown

func (env *TestEnv) Shutdown() error
