Documentation ¶
Overview ¶
Package jwt provides an authentication strategy that authenticates incoming HTTP requests using an OAuth2 JWT access token or an OpenID IDToken. This authentication strategy makes it easy to introduce apps into an OAuth2 authorization framework, to be used by resource servers or other servers.
Index ¶
- Variables
- func GetAuthenticateFunc(addr string, opts ...auth.Option) token.AuthenticateFunc
- func SetClaimResolver(c oauth2.ClaimsResolver) auth.Option
- func SetClientTransport(rt http.RoundTripper) auth.Option
- func SetHTTPClient(c *http.Client) auth.Option
- func SetInterval(d time.Duration) auth.Option
- func SetTLSConfig(tls *tls.Config) auth.Option
- func SetVerifyOptions(opts claims.VerifyOptions) auth.Option
- type AddressClaim
- type Claims
- type IDToken
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrMissingKID is returned by Authenticate Strategy method,
	// when failed to retrieve kid from token header.
	ErrMissingKID = jwt.ErrMissingKID
	// ErrInvalidAlg is returned by Authenticate Strategy method,
	// when jwt token alg header does not match key algorithm.
	ErrInvalidAlg = jwt.ErrInvalidAlg
)
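The two conditions these errors describe (a token header without a kid, and an alg header that differs from the algorithm of the selected key) can be checked with the standard library alone. The following is an added example, not the package's own code: `checkHeader`, `sampleToken`, the lowercase error variables and the kid-to-algorithm map are hypothetical names, and the token is constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Hypothetical stand-ins for the package's ErrMissingKID and ErrInvalidAlg.
var errMissingKID = errors.New("token header has no kid")
var errInvalidAlg = errors.New("token alg does not match key algorithm")

// checkHeader decodes the JOSE header of a compact JWT and checks it against
// keyAlgs, a kid -> algorithm map taken from the trusted JWKS (assumed shape).
func checkHeader(compact string, keyAlgs map[string]string) error {
	head, _, _ := strings.Cut(compact, ".")
	var hdr struct{ Alg, Kid string } // JSON keys match case-insensitively
	raw, err := base64.RawURLEncoding.DecodeString(head)
	if err == nil {
		err = json.Unmarshal(raw, &hdr)
	}
	if err != nil {
		return fmt.Errorf("malformed header: %w", err)
	}
	if hdr.Kid == "" {
		return errMissingKID
	}
	want, ok := keyAlgs[hdr.Kid]
	if !ok {
		return fmt.Errorf("no key with kid %q in the key set", hdr.Kid)
	}
	// The key, not the token, decides the algorithm; mismatches stop here.
	if hdr.Alg != want {
		return errInvalidAlg
	}
	return nil
}

// sampleToken builds a constructed, unsigned token around the given header.
func sampleToken(header string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(header)) + "." + enc([]byte(`{"sub":"demo"}`)) + ".c2ln"
}

func main() {
	fmt.Println(checkHeader(sampleToken(`{"alg":"HS256","kid":"key-1"}`), map[string]string{"key-1": "RS256"}))
}
```

Run this check before signature verification so that the verifier is always chosen from the trusted key's algorithm, never from the token's header.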
Functions ¶
func GetAuthenticateFunc ¶
func GetAuthenticateFunc(addr string, opts ...auth.Option) token.AuthenticateFunc
GetAuthenticateFunc returns a function that authenticates requests using an OAuth2 JWT access token or an OpenID IDToken.
The underlying AuthenticateFunc caches the JWKS based on the Cache-Control header if it exists; otherwise, it falls back to an interval duration.
The returned function is typically used with the token strategy.
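How long a fetched JWKS stays cached also decides how long a rotated or withdrawn signing key keeps being accepted. The following added example (not the package's code) shows one way to derive that lifetime from Cache-Control with a fallback interval; `jwksTTL`, `stale`, the `ceiling` cap and the handling of no-store/no-cache are assumptions of this example, and the header values are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// jwksTTL returns how long a fetched JWKS may be reused: the Cache-Control
// max-age when the response carries a usable one, otherwise fallback.
// ceiling is an added safeguard (an assumption of this example) so that an
// overlong max-age cannot keep a withdrawn key trusted indefinitely.
func jwksTTL(h http.Header, fallback, ceiling time.Duration) time.Duration {
	ttl := fallback
	for _, line := range h.Values("Cache-Control") {
		for _, d := range strings.Split(line, ",") {
			name, val, _ := strings.Cut(strings.TrimSpace(d), "=")
			switch strings.ToLower(name) {
			case "no-store", "no-cache":
				return 0 // refetch before every use
			case "max-age":
				// bitSize 31 rejects negatives and values that would overflow.
				if secs, err := strconv.ParseUint(val, 10, 31); err == nil {
					ttl = time.Duration(secs) * time.Second
				}
			}
		}
	}
	if ttl > ceiling {
		ttl = ceiling
	}
	return ttl
}

// stale reports whether a key set fetched at fetchedAt must be refreshed.
func stale(fetchedAt, now time.Time, ttl time.Duration) bool {
	return !now.Before(fetchedAt.Add(ttl))
}

func main() {
	h := http.Header{"Cache-Control": {"public, max-age=600"}} // constructed
	ttl := jwksTTL(h, 5*time.Minute, time.Hour)
	fmt.Println(ttl, stale(time.Now().Add(-11*time.Minute), time.Now(), ttl))
}
```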
func SetClaimResolver ¶
func SetClaimResolver(c oauth2.ClaimsResolver) auth.Option
SetClaimResolver sets the jwt strategy ClaimResolver to resolve the jwt claims. Default: jwt.Claim
func SetClientTransport ¶
func SetClientTransport(rt http.RoundTripper) auth.Option
SetClientTransport sets the underlying HTTP client transport that is used to get the JWKS.
func SetHTTPClient ¶
SetHTTPClient sets the underlying HTTP client that is used to get the JWKS.
func SetInterval ¶
SetInterval sets the fallback interval duration to refresh JWKS occasionally. Default: 5 min.
func SetTLSConfig ¶
SetTLSConfig sets the TLS config of the underlying HTTP client that is used to get the JWKS.
func SetVerifyOptions ¶
func SetVerifyOptions(opts claims.VerifyOptions) auth.Option
SetVerifyOptions sets the jwt strategy to verify the jwt claims.
Types ¶
type AddressClaim ¶
type AddressClaim struct {
	Formatted     string `json:"formatted,omitempty"`
	StreetAddress string `json:"street_address,omitempty"`
	Locality      string `json:"locality,omitempty"`
	Region        string `json:"region,omitempty"`
	PostalCode    string `json:"postal_code,omitempty"`
	Country       string `json:"country,omitempty"`
}
AddressClaim represents a physical mailing address as defined in OpenID https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.
type Claims ¶
Claims represents JWT access token claims and provides a starting point for a set of useful interoperable claims as defined in RFC 7519. Claims implements auth.Info and oauth2.ClaimsResolver.
func (Claims) GetExpiresAt ¶
GetExpiresAt returns c.ExpiresAt.
func (Claims) GetUserName ¶
GetUserName returns c.Info.GetUserName if it exists; otherwise, it returns c.UserName or c.Subject.
func (Claims) New ¶
func (c Claims) New() oauth2.ClaimsResolver
New returns a new Claims as oauth2.ClaimsResolver.
type IDToken ¶
type IDToken struct {
	Name                string       `json:"name,omitempty"`
	GivenName           string       `json:"given_name,omitempty"`
	FamilyName          string       `json:"family_name,omitempty"`
	MiddleName          string       `json:"middle_name,omitempty"`
	NickName            string       `json:"nickname,omitempty"`
	PreferredUsername   string       `json:"preferred_username,omitempty"`
	Profile             string       `json:"profile,omitempty"`
	Picture             string       `json:"picture,omitempty"`
	Website             string       `json:"website,omitempty"`
	Email               string       `json:"email,omitempty"`
	Gender              string       `json:"gender,omitempty"`
	Birthdate           string       `json:"birthdate,omitempty"`
	ZoneInfo            string       `json:"zoneinfo,omitempty"`
	Locale              string       `json:"locale,omitempty"`
	PhoneNumber         string       `json:"phone_number,omitempty"`
	PhoneNumberVerified bool         `json:"phone_number_verified,omitempty"`
	EmailVerified       bool         `json:"email_verified,omitempty"`
	Address             AddressClaim `json:"address,omitempty"`
	UpdatedAT           *claims.Time `json:"updated_at,omitempty"`
	Nonce               string       `json:"nonce,omitempty"`
	AuthContextRef      string       `json:"acr,omitempty"`
	AuthorizedParty     string       `json:"azp,omitempty"`
	AccessTokenHash     string       `json:"at_hash,omitempty"`
	CodeHash            string       `json:"c_hash,omitempty"`
	AuthMethodRef       []string     `json:"amr,omitempty"`
	AuthTime            *claims.Time `json:"auth_time,omitempty"`
	*claims.Standard
	auth.Info
}
IDToken represents id token claims as defined in OpenID https://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken. IDToken implements auth.Info and oauth2.ClaimsResolver.
func (IDToken) GetExpiresAt ¶
GetExpiresAt returns it.ExpiresAt.
func (IDToken) GetUserName ¶
GetUserName returns it.Info.GetUserName if it exists; otherwise, it falls back to it.PreferredUsername/it.Email/it.Subject.
func (IDToken) New ¶
func (it IDToken) New() oauth2.ClaimsResolver
New returns a new IDToken as oauth2.ClaimsResolver.