jwtclaims

package
v0.0.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 5, 2024 License: BSD-3-Clause Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// TokenUserProperty key for the user property in the request context
	TokenUserProperty = "user"
	// AccountIDSuffix suffix for the account id claim
	AccountIDSuffix = "wt_account_id"
	// DomainIDSuffix suffix for the domain id claim
	DomainIDSuffix = "wt_account_domain"
	// DomainCategorySuffix suffix for the domain category claim
	DomainCategorySuffix = "wt_account_domain_category"
	// UserIDClaim claim for the user id
	UserIDClaim = "sub"
	// LastLoginSuffix claim for the last login
	LastLoginSuffix = "nb_last_login"
	// Invited claim indicates that an incoming JWT is from a user that just accepted an invitation
	Invited = "nb_invited"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthorizationClaims

type AuthorizationClaims struct {
	UserId         string
	AccountId      string
	Domain         string
	DomainCategory string
	LastLogin      time.Time
	Invited        bool

	Raw jwt.MapClaims
}

AuthorizationClaims stores authorization information from JWTs

type ClaimsExtractor

type ClaimsExtractor struct {
	FromRequestContext ExtractClaims
	// contains filtered or unexported fields
}

ClaimsExtractor struct that holds the extract function

func NewClaimsExtractor

func NewClaimsExtractor(options ...ClaimsExtractorOption) *ClaimsExtractor

NewClaimsExtractor returns an extractor, and if provided with a function with ExtractClaims signature, then it will use that logic. Uses ExtractClaimsFromRequestContext by default

func (*ClaimsExtractor) FromToken

func (c *ClaimsExtractor) FromToken(token *jwt.Token) AuthorizationClaims

FromToken extracts claims from the token (after auth)

type ClaimsExtractorOption

type ClaimsExtractorOption func(*ClaimsExtractor)

ClaimsExtractorOption is a function that configures the ClaimsExtractor

func WithAudience

func WithAudience(audience string) ClaimsExtractorOption

WithAudience sets the audience for the extractor

func WithFromRequestContext

func WithFromRequestContext(ec ExtractClaims) ClaimsExtractorOption

WithFromRequestContext sets the function that extracts claims from the request context

func WithUserIDClaim

func WithUserIDClaim(userIDClaim string) ClaimsExtractorOption

WithUserIDClaim sets the user id claim for the extractor

type ExtractClaims

type ExtractClaims func(r *http.Request) AuthorizationClaims

ExtractClaims Extract function type

type JSONWebKey

type JSONWebKey struct {
	Kty string   `json:"kty"`
	Kid string   `json:"kid"`
	Use string   `json:"use"`
	N   string   `json:"n"`
	E   string   `json:"e"`
	X5c []string `json:"x5c"`
}

JSONWebKey is a representation of a Jason Web Key

type JWTValidator

type JWTValidator struct {
	// contains filtered or unexported fields
}

JWTValidator struct to handle token validation and parsing

func NewJWTValidator

func NewJWTValidator(issuer string, audienceList []string, keysLocation string, idpSignkeyRefreshEnabled bool) (*JWTValidator, error)

NewJWTValidator constructor

func (*JWTValidator) ValidateAndParse

func (m *JWTValidator) ValidateAndParse(token string) (*jwt.Token, error)

ValidateAndParse validates the token and returns the parsed token

type Jwks

type Jwks struct {
	Keys []JSONWebKey `json:"keys"`
	// contains filtered or unexported fields
}

Jwks is a collection of JSONWebKey obtained from Config.HttpServerConfig.AuthKeysLocation

type Options

type Options struct {
	// The function that will return the Key to validate the JWT.
	// It can be either a shared secret or a public key.
	// Default value: nil
	ValidationKeyGetter jwt.Keyfunc
	// The name of the property in the request where the user information
	// from the JWT will be stored.
	// Default value: "user"
	UserProperty string
	// The function that will be called when there's an error validating the token
	// Default value:
	CredentialsOptional bool
	// A function that extracts the token from the request
	// Default: FromAuthHeader (i.e., from Authorization header as bearer token)
	Debug bool
	// When set, all requests with the OPTIONS method will use authentication
	// Default: false
	EnableAuthOnOptions bool
	// When set, the middelware verifies that tokens are signed with the specific signing algorithm
	// If the signing method is not constant the ValidationKeyGetter callback can be used to implement additional checks
	// Important to avoid security issues described here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
	// Default: nil
	SigningMethod jwt.SigningMethod
}

Options is a struct for specifying configuration options for the middleware.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL