jwx

package

v0.0.0-...-4c6e07b Latest Latest Go to latest Published: Sep 29, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/gibalmeida/mailservermngr

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func Authenticate(v JWSValidator, ctx context.Context, input *openapi3filter.AuthenticationInput) error
func CheckTokenClaims(expectedClaims []string, t jwt.Token) error
func GetClaimsFromToken(t jwt.Token) ([]string, error)
func GetJWSFromRequest(req *http.Request) (string, error)
func NewJWTAuthenticator(v JWSValidator) openapi3filter.AuthenticationFunc
type JWSAuthenticator
- func NewJWSAuthenticator(privateKey []byte) (*JWSAuthenticator, error)
type JWSValidator

Constants ¶

View Source

const JWSAudience = "MailServer-Users"

View Source

const JWSIssuer = "MailServer-Server"

View Source

const JWTClaimsContextKey = "jwt_claims"

View Source

const KeyID = `KID`

View Source

const PermissionsClaim = "perm"

Variables ¶

View Source

var (
	ErrNoAuthHeader      = errors.New("Authorization header is missing")
	ErrInvalidAuthHeader = errors.New("Authorization header is malformed")
	ErrClaimsInvalid     = errors.New("Provided claims do not match expected scopes")
)

Functions ¶

func Authenticate ¶

func Authenticate(v JWSValidator, ctx context.Context, input *openapi3filter.AuthenticationInput) error

Authenticate uses the specified validator to ensure a JWT is valid, then makes sure that the claims provided by the JWT match the scopes as required in the API.

func CheckTokenClaims ¶

func CheckTokenClaims(expectedClaims []string, t jwt.Token) error

func GetClaimsFromToken ¶

func GetClaimsFromToken(t jwt.Token) ([]string, error)

GetClaimsFromToken returns a list of claims from the token. We store these as a list under the "perms" claim, short for permissions, to keep the token shorter.

func GetJWSFromRequest ¶

func GetJWSFromRequest(req *http.Request) (string, error)

GetJWSFromRequest extracts a JWS string from an Authorization: Bearer <jws> header

func NewJWTAuthenticator ¶

func NewJWTAuthenticator(v JWSValidator) openapi3filter.AuthenticationFunc

Types ¶

type JWSAuthenticator ¶

type JWSAuthenticator struct {
	PrivateKey *ecdsa.PrivateKey
	KeySet     jwk.Set
}

func NewJWSAuthenticator ¶

func NewJWSAuthenticator(privateKey []byte) (*JWSAuthenticator, error)

NewJWSAuthenticator creates an authenticator example which uses a hard coded ECDSA key to validate JWT's that it has signed itself.

func (*JWSAuthenticator) CreateJWSWithClaims ¶

func (f *JWSAuthenticator) CreateJWSWithClaims(claims []string) ([]byte, error)

CreateJWSWithClaims is a helper function to create JWT's with the specified claims.

func (*JWSAuthenticator) SignToken ¶

func (f *JWSAuthenticator) SignToken(t jwt.Token) ([]byte, error)

SignToken takes a JWT and signs it with our private key, returning a JWS.

func (*JWSAuthenticator) ValidateJWS ¶

func (f *JWSAuthenticator) ValidateJWS(jwsString string) (jwt.Token, error)

ValidateJWS ensures that the critical JWT claims needed to ensure that we trust the JWT are present and with the correct values.

type JWSValidator ¶

type JWSValidator interface {
	ValidateJWS(jws string) (jwt.Token, error)
}

JWSValidator is used to validate JWS payloads and return a JWT if they're valid

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL