Documentation ¶
Overview ¶
Package jwt implements JWTs per RFC 7519.
Index ¶
- Variables
- func ValidAudience(a, b interface{}) bool
- type Claims
- func (c Claims) Audience() ([]string, bool)
- func (c Claims) Base64() ([]byte, error)
- func (c Claims) Del(key string)
- func (c Claims) Expiration() (time.Time, bool)
- func (c Claims) Get(key string) interface{}
- func (c Claims) GetTime(key string) (time.Time, bool)
- func (c Claims) Has(key string) bool
- func (c Claims) IssuedAt() (time.Time, bool)
- func (c Claims) Issuer() (string, bool)
- func (c Claims) JWTID() (string, bool)
- func (c Claims) MarshalJSON() ([]byte, error)
- func (c Claims) NotBefore() (time.Time, bool)
- func (c Claims) RemoveAudience()
- func (c Claims) RemoveExpiration()
- func (c Claims) RemoveIssuedAt()
- func (c Claims) RemoveIssuer()
- func (c Claims) RemoveJWTID()
- func (c Claims) RemoveNotBefore()
- func (c Claims) RemoveSubject()
- func (c Claims) Set(key string, val interface{})
- func (c Claims) SetAudience(audience ...string)
- func (c Claims) SetExpiration(expiration time.Time)
- func (c Claims) SetIssuedAt(issuedAt time.Time)
- func (c Claims) SetIssuer(issuer string)
- func (c Claims) SetJWTID(uniqueID string)
- func (c Claims) SetNotBefore(notBefore time.Time)
- func (c Claims) SetSubject(subject string)
- func (c Claims) SetTime(key string, t time.Time)
- func (c Claims) Subject() (string, bool)
- func (c *Claims) UnmarshalJSON(b []byte) error
- func (c Claims) Validate(now time.Time, expLeeway, nbfLeeway time.Duration) error
- type JWT
- type ValidateFunc
- type Validator
- func (v *Validator) SetAudience(aud string)
- func (v *Validator) SetClaim(claim string, val interface{})
- func (v *Validator) SetExpiration(exp time.Time)
- func (v *Validator) SetIssuedAt(iat time.Time)
- func (v *Validator) SetIssuer(iss string)
- func (v *Validator) SetJWTID(jti string)
- func (v *Validator) SetNotBefore(nbf time.Time)
- func (v *Validator) SetSubject(sub string)
- func (v *Validator) Validate(j JWT) error
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrTokenIsExpired is returned when time.Now().Unix() is after
	// the token's "exp" claim.
	ErrTokenIsExpired = errors.New("token is expired")

	// ErrTokenNotYetValid is returned when time.Now().Unix() is before
	// the token's "nbf" claim.
	ErrTokenNotYetValid = errors.New("token is not yet valid")

	// ErrInvalidISSClaim means the "iss" claim is invalid.
	ErrInvalidISSClaim = errors.New("claim \"iss\" is invalid")

	// ErrInvalidSUBClaim means the "sub" claim is invalid.
	ErrInvalidSUBClaim = errors.New("claim \"sub\" is invalid")

	// ErrInvalidIATClaim means the "iat" claim is invalid.
	ErrInvalidIATClaim = errors.New("claim \"iat\" is invalid")

	// ErrInvalidJTIClaim means the "jti" claim is invalid.
	ErrInvalidJTIClaim = errors.New("claim \"jti\" is invalid")

	// ErrInvalidAUDClaim means the "aud" claim is invalid.
	ErrInvalidAUDClaim = errors.New("claim \"aud\" is invalid")
)
Functions ¶
func ValidAudience ¶
func ValidAudience(a, b interface{}) bool
ValidAudience returns true iff:
- a and b are strings and a == b
- a is string, b is []string and a is in b
- a is []string, b is []string and all of a is in b
- a is []string, b is string and len(a) == 1 and a[0] == b
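The four rules are asymmetric in a and b and only cover string and []string. The following is an added stand-alone sketch that applies them literally; it is not the package's own implementation, and the names validAudience and subset and the sample claims are assumptions made here.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// validAudience applies the four rules above literally and rejects every
// other type combination. Illustrative sketch, not the package's code.
func validAudience(a, b interface{}) bool {
	as, aStr := a.(string)
	bs, bStr := b.(string)
	al, aList := a.([]string)
	bl, bList := b.([]string)
	switch {
	case aStr && bStr:
		return as == bs
	case aStr && bList:
		return subset([]string{as}, bl)
	case aList && bList:
		return subset(al, bl) // vacuously true when a is empty
	case aList && bStr:
		return len(al) == 1 && al[0] == bs
	}
	return false
}

// subset reports whether every element of a occurs in b.
func subset(a, b []string) bool {
	seen := make(map[string]bool, len(b))
	for _, s := range b {
		seen[s] = true
	}
	for _, s := range a {
		if !seen[s] {
			return false
		}
	}
	return true
}

func main() {
	var c map[string]interface{} // constructed sample claims
	_ = json.Unmarshal([]byte(`{"aud":["api","admin"]}`), &c)
	fmt.Println(validAudience("api", []string{"api", "admin"})) // true
	fmt.Println(validAudience([]string{"api", "admin"}, "api")) // false
	// false: a JSON array decodes to []interface{}, which no rule accepts
	fmt.Println(validAudience("api", c["aud"]))
}
```

Read this way, an "aud" value taken straight from decoded JSON has to be converted to []string first, which is the shape Claims.Audience() returns, and an empty []string for a should be rejected by the caller before comparing.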
Types ¶
type Claims ¶
type Claims map[string]interface{}
Claims implements a set of JOSE Claims with the addition of some helper methods, similar to net/url.Values.
func (Claims) Audience ¶
Audience retrieves claim "aud" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.3
func (Claims) Expiration ¶
Expiration retrieves claim "exp" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.4
func (Claims) GetTime ¶
GetTime returns a Unix timestamp for the given key.
It converts an int, int32, int64, uint, uint32, uint64 or float64 into a Unix timestamp (epoch seconds). float32 does not have sufficient precision to store a Unix timestamp.
Numeric values parsed from JSON will always be stored as float64 since Claims is a map[string]interface{}. However, the values may be stored directly in the claims as a different type.
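The conversion described for GetTime, combined with a leeway check shaped like Claims.Validate(now, expLeeway, nbfLeeway), as an added stand-alone sketch that is not the package's own code. The names claims, getTime, validate, errExpired and errNotYetValid are assumptions made here, as is the direction in which each leeway is applied.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"reflect"
	"time"
)

// Stand-ins with the same messages as the package's error variables.
var (
	errExpired     = errors.New("token is expired")
	errNotYetValid = errors.New("token is not yet valid")
)

type claims map[string]interface{}

// getTime accepts the numeric kinds listed above; anything else yields ok == false.
func (c claims) getTime(key string) (time.Time, bool) {
	switch v := reflect.ValueOf(c[key]); v.Kind() {
	case reflect.Int, reflect.Int32, reflect.Int64:
		return time.Unix(v.Int(), 0), true
	case reflect.Uint, reflect.Uint32, reflect.Uint64:
		return time.Unix(int64(v.Uint()), 0), true
	case reflect.Float64: // every JSON number decoded by encoding/json
		return time.Unix(int64(v.Float()), 0), true
	}
	return time.Time{}, false
}

// validate assumes exp is extended by expLeeway and nbf is pulled earlier by
// nbfLeeway. An unreadable claim is skipped, not rejected.
func (c claims) validate(now time.Time, expLeeway, nbfLeeway time.Duration) error {
	if exp, ok := c.getTime("exp"); ok && now.After(exp.Add(expLeeway)) {
		return errExpired
	}
	if nbf, ok := c.getTime("nbf"); ok && now.Before(nbf.Add(-nbfLeeway)) {
		return errNotYetValid
	}
	return nil
}

func main() {
	var c claims // constructed sample; exp is 30 s before now
	_ = json.Unmarshal([]byte(`{"exp":1700000000,"nbf":1699999000}`), &c)
	now := time.Unix(1700000030, 0)
	fmt.Println(c.validate(now, 0, 0), c.validate(now, time.Minute, 0))
}
```

In this sketch a token whose "exp" is a JSON string, a float32 or absent passes validate, so a caller that requires an expiry has to treat ok == false for "exp" as a rejection.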
func (Claims) IssuedAt ¶
IssuedAt retrieves claim "iat" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.6
func (Claims) Issuer ¶
Issuer retrieves claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.1
func (Claims) JWTID ¶
JWTID retrieves claim "jti" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.7
func (Claims) MarshalJSON ¶
MarshalJSON implements json.Marshaler for Claims.
func (Claims) NotBefore ¶
NotBefore retrieves claim "nbf" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.5
func (Claims) RemoveAudience ¶
func (c Claims) RemoveAudience()
RemoveAudience deletes claim "aud" from c.
func (Claims) RemoveExpiration ¶
func (c Claims) RemoveExpiration()
RemoveExpiration deletes claim "exp" from c.
func (Claims) RemoveIssuedAt ¶
func (c Claims) RemoveIssuedAt()
RemoveIssuedAt deletes claim "iat" from c.
func (Claims) RemoveIssuer ¶
func (c Claims) RemoveIssuer()
RemoveIssuer deletes claim "iss" from c.
func (Claims) RemoveNotBefore ¶
func (c Claims) RemoveNotBefore()
RemoveNotBefore deletes claim "nbf" from c.
func (Claims) RemoveSubject ¶
func (c Claims) RemoveSubject()
RemoveSubject deletes claim "sub" from c.
func (Claims) SetAudience ¶
SetAudience sets claim "aud" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.3
func (Claims) SetExpiration ¶
SetExpiration sets claim "exp" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.4
func (Claims) SetIssuedAt ¶
SetIssuedAt sets claim "iat" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.6
func (Claims) SetIssuer ¶
SetIssuer sets claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.1
func (Claims) SetJWTID ¶
SetJWTID sets claim "jti" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.7
func (Claims) SetNotBefore ¶
SetNotBefore sets claim "nbf" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.5
func (Claims) SetSubject ¶
SetSubject sets claim "sub" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.2
func (Claims) Subject ¶
Subject retrieves claim "sub" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.2
func (*Claims) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler for Claims.
type JWT ¶
type JWT interface {
	// Claims returns the set of Claims.
	Claims() Claims

	// Validate returns an error describing any issues found while
	// validating the JWT. For info on the fn parameter, see the
	// comment on ValidateFunc.
	Validate(key interface{}, method crypto.SigningMethod, v ...*Validator) error

	// Serialize serializes the JWT into its on-the-wire
	// representation.
	Serialize(key interface{}) ([]byte, error)
}
JWT represents a JWT per RFC 7519. It's described as an interface instead of a physical structure because both JWSs and JWEs can be JWTs. So, in order to use either, import one of those two packages and use their "NewJWT" (and other) functions.
type ValidateFunc ¶
ValidateFunc is a function that provides access to the JWT and allows for custom validation. Keep in mind that the Verify methods in the JWS/JWE sibling packages call ValidateFunc *after* validating the JWS/JWE, but *before* any validation per the JWT RFC. Therefore, the ValidateFunc can be used to short-circuit verification, but cannot be used to circumvent the RFC. Custom JWT implementations are free to abuse this, but it is not recommended.
type Validator ¶
type Validator struct {
	Expected Claims        // If non-nil, these are required to match.
	EXP      time.Duration // EXPLeeway
	NBF      time.Duration // NBFLeeway
	Fn       ValidateFunc  // See ValidateFunc for more information.
	// contains filtered or unexported fields
}
Validator represents some of the validation options.
func (*Validator) SetAudience ¶
SetAudience sets the "aud" claim per https://tools.ietf.org/html/rfc7519#section-4.1.3
func (*Validator) SetExpiration ¶
SetExpiration sets the "exp" claim per https://tools.ietf.org/html/rfc7519#section-4.1.4
func (*Validator) SetIssuedAt ¶
SetIssuedAt sets the "iat" claim per https://tools.ietf.org/html/rfc7519#section-4.1.6
func (*Validator) SetIssuer ¶
SetIssuer sets the "iss" claim per https://tools.ietf.org/html/rfc7519#section-4.1.1
func (*Validator) SetJWTID ¶
SetJWTID sets the "jti" claim per https://tools.ietf.org/html/rfc7519#section-4.1.7
func (*Validator) SetNotBefore ¶
SetNotBefore sets the "nbf" claim per https://tools.ietf.org/html/rfc7519#section-4.1.5
func (*Validator) SetSubject ¶
SetSubject sets the "sub" claim per https://tools.ietf.org/html/rfc7519#section-4.1.2