jwx

package
v0.0.0-...-4c6e07b
Warning

This package is not in the latest version of its module.
Published: Sep 29, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Constants

const JWSAudience = "MailServer-Users"
const JWSIssuer = "MailServer-Server"
const JWTClaimsContextKey = "jwt_claims"
const KeyID = `KID`
const PermissionsClaim = "perm"

Variables

var (
	ErrNoAuthHeader      = errors.New("Authorization header is missing")
	ErrInvalidAuthHeader = errors.New("Authorization header is malformed")
	ErrClaimsInvalid     = errors.New("Provided claims do not match expected scopes")
)

Functions

func Authenticate

Authenticate uses the specified validator to ensure a JWT is valid, then makes sure that the claims provided by the JWT match the scopes as required in the API.

func CheckTokenClaims

func CheckTokenClaims(expectedClaims []string, t jwt.Token) error

func GetClaimsFromToken

func GetClaimsFromToken(t jwt.Token) ([]string, error)

GetClaimsFromToken returns a list of claims from the token. We store these as a list under the "perm" claim (the PermissionsClaim constant), short for permissions, to keep the token shorter.

func GetJWSFromRequest

func GetJWSFromRequest(req *http.Request) (string, error)

GetJWSFromRequest extracts a JWS string from an Authorization: Bearer <jws> header.
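The header extraction and scope check described for GetJWSFromRequest and CheckTokenClaims, as an added standard-library sketch that is not this package's own source. The function names bearerFromRequest and requireScopes are hypothetical, and the sketch assumes exact-match scopes and a case-insensitive "Bearer" scheme; signature verification (ValidateJWS) is out of scope here.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Error values mirror the ones listed under Variables on this page.
var (
	ErrNoAuthHeader      = errors.New("Authorization header is missing")
	ErrInvalidAuthHeader = errors.New("Authorization header is malformed")
	ErrClaimsInvalid     = errors.New("Provided claims do not match expected scopes")
)

// bearerFromRequest (hypothetical name) returns the token from
// "Authorization: Bearer <jws>", rejecting other schemes and empty tokens.
func bearerFromRequest(req *http.Request) (string, error) {
	h := req.Header.Get("Authorization")
	if h == "" {
		return "", ErrNoAuthHeader
	}
	scheme, token, ok := strings.Cut(h, " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") || token == "" || strings.ContainsAny(token, " \t") {
		return "", ErrInvalidAuthHeader
	}
	return token, nil
}

// requireScopes (hypothetical name) fails closed: every expected scope must
// appear in the permissions carried by the token's "perm" claim.
func requireScopes(expected, granted []string) error {
	have := make(map[string]struct{}, len(granted))
	for _, g := range granted {
		have[g] = struct{}{}
	}
	for _, e := range expected {
		if _, ok := have[e]; !ok {
			return fmt.Errorf("%w: missing %q", ErrClaimsInvalid, e)
		}
	}
	return nil
}

func main() {
	// Constructed sample request; the token is a placeholder, not a real JWS.
	req := &http.Request{Header: http.Header{"Authorization": {"Bearer aaa.bbb.ccc"}}}
	fmt.Println(bearerFromRequest(req))
	fmt.Println(requireScopes([]string{"things:w"}, []string{"things:r"}))
}
```

The scope check only makes sense on claims taken from a token whose signature, issuer and audience have already been validated.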

Types

type JWSAuthenticator

type JWSAuthenticator struct {
	PrivateKey *ecdsa.PrivateKey
	KeySet     jwk.Set
}

func NewJWSAuthenticator

func NewJWSAuthenticator(privateKey []byte) (*JWSAuthenticator, error)

NewJWSAuthenticator creates an example authenticator which uses a hard-coded ECDSA key to validate JWTs that it has signed itself.

func (*JWSAuthenticator) CreateJWSWithClaims

func (f *JWSAuthenticator) CreateJWSWithClaims(claims []string) ([]byte, error)

CreateJWSWithClaims is a helper function to create JWTs with the specified claims.

func (*JWSAuthenticator) SignToken

func (f *JWSAuthenticator) SignToken(t jwt.Token) ([]byte, error)

SignToken takes a JWT and signs it with our private key, returning a JWS.

func (*JWSAuthenticator) ValidateJWS

func (f *JWSAuthenticator) ValidateJWS(jwsString string) (jwt.Token, error)

ValidateJWS ensures that the critical JWT claims we need in order to trust the JWT are present and have the correct values.

type JWSValidator

type JWSValidator interface {
	ValidateJWS(jws string) (jwt.Token, error)
}

JWSValidator is used to validate JWS payloads and return a JWT if they're valid.
