Documentation ¶
Overview ¶
Utility package for extracting JWT tokens from HTTP requests.
The main function is ParseFromRequest and it's WithClaims variant. See examples for how to use the various Extractor implementations or roll your own.
Index ¶
- Variables
- func ParseFromRequest(req *http.Request, extractor Extractor, keyFunc jwt.Keyfunc, ...) (token *jwt.Token, err error)
- func ParseFromRequestWithClaims(req *http.Request, extractor Extractor, claims jwt.Claims, keyFunc jwt.Keyfunc) (token *jwt.Token, err error)deprecated
- type ArgumentExtractor
- type BearerExtractor
- type Extractor
- type HeaderExtractor
- type MultiExtractor
- type ParseFromRequestOption
- type PostExtractionFilter
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var AuthorizationHeaderExtractor = &PostExtractionFilter{ HeaderExtractor{"Authorization"}, stripBearerPrefixFromTokenString, }
AuthorizationHeaderExtractor extracts a bearer token from Authorization header Uses PostExtractionFilter to strip "Bearer " prefix from header
var (
ErrNoTokenInRequest = errors.New("no token present in request")
)
Errors
var OAuth2Extractor = &MultiExtractor{ AuthorizationHeaderExtractor, ArgumentExtractor{"access_token"}, }
OAuth2Extractor is an Extractor for OAuth2 access tokens. Looks in 'Authorization' header then 'access_token' argument for a token.
Functions ¶
func ParseFromRequest ¶
func ParseFromRequest(req *http.Request, extractor Extractor, keyFunc jwt.Keyfunc, options ...ParseFromRequestOption) (token *jwt.Token, err error)
ParseFromRequest extracts and parses a JWT token from an HTTP request. This behaves the same as Parse, but accepts a request and an extractor instead of a token string. The Extractor interface allows you to define the logic for extracting a token. Several useful implementations are provided.
You can provide options to modify parsing behavior
func ParseFromRequestWithClaims
deprecated
Types ¶
type ArgumentExtractor ¶
type ArgumentExtractor []string
ArgumentExtractor extracts a token from request arguments. This includes a POSTed form or GET URL arguments. Argument names are tried in order until there's a match. This extractor calls `ParseMultipartForm` on the request
Example ¶
req := makeExampleRequest("GET", "/", nil, url.Values{"token": {extractorTestTokenA}}) tokenString, err := ArgumentExtractor{"token"}.ExtractToken(req) if err == nil { fmt.Println(tokenString) } else { fmt.Println(err) }
Output: A
func (ArgumentExtractor) ExtractToken ¶
func (e ArgumentExtractor) ExtractToken(req *http.Request) (string, error)
type BearerExtractor ¶ added in v4.4.3
type BearerExtractor struct{}
BearerExtractor extracts a token from the Authorization header. The header is expected to match the format "Bearer XX", where "XX" is the JWT token.
func (BearerExtractor) ExtractToken ¶ added in v4.4.3
func (e BearerExtractor) ExtractToken(req *http.Request) (string, error)
type Extractor ¶
Extractor is an interface for extracting a token from an HTTP request. The ExtractToken method should return a token string or an error. If no token is present, you must return ErrNoTokenInRequest.
type HeaderExtractor ¶
type HeaderExtractor []string
HeaderExtractor is an extractor for finding a token in a header. Looks at each specified header in order until there's a match
Example ¶
req := makeExampleRequest("GET", "/", map[string]string{"Token": exampleTokenA}, nil) tokenString, err := HeaderExtractor{"Token"}.ExtractToken(req) if err == nil { fmt.Println(tokenString) } else { fmt.Println(err) }
Output: A
func (HeaderExtractor) ExtractToken ¶
func (e HeaderExtractor) ExtractToken(req *http.Request) (string, error)
type MultiExtractor ¶
type MultiExtractor []Extractor
MultiExtractor tries Extractors in order until one returns a token string or an error occurs
func (MultiExtractor) ExtractToken ¶
func (e MultiExtractor) ExtractToken(req *http.Request) (string, error)
type ParseFromRequestOption ¶
type ParseFromRequestOption func(*fromRequestParser)
func WithClaims ¶
func WithClaims(claims jwt.Claims) ParseFromRequestOption
WithClaims parses with custom claims
func WithParser ¶
func WithParser(parser *jwt.Parser) ParseFromRequestOption
WithParser parses using a custom parser
type PostExtractionFilter ¶
PostExtractionFilter wraps an Extractor in this to post-process the value before it's handed off. See AuthorizationHeaderExtractor for an example
func (*PostExtractionFilter) ExtractToken ¶
func (e *PostExtractionFilter) ExtractToken(req *http.Request) (string, error)