Documentation
¶
Index ¶
- Variables
- func New(keyOpt jws.SigningKeyOption, header *jose.Header, claimsSet *ClaimsSet) (token string, err error)
- func Sign(keyOpt jws.SigningKeyOption, header *jose.Header, claimsSet *ClaimsSet) (signingInput, signatureEncoded string, err error)
- type Audience
- type ClaimsSet
- func (c *ClaimsSet) Decode(encoded string) error
- func (c *ClaimsSet) Encode() (encoded string, err error)
- func (c *ClaimsSet) GetPrivateClaim(claimName string, v any) error
- func (c *ClaimsSet) MarshalJSON() (data []byte, err error)
- func (c *ClaimsSet) SetPrivateClaim(claimName string, v any)
- func (c *ClaimsSet) UnmarshalJSON(data []byte) (err error)
- type ClaimsSetOption
- func WithAudience(aud ...string) ClaimsSetOption
- func WithExpirationTime(exp time.Time) ClaimsSetOption
- func WithIssuedAt(iat time.Time) ClaimsSetOption
- func WithIssuer(iss string) ClaimsSetOption
- func WithJWTID(jti string) ClaimsSetOption
- func WithNotBefore(nbf time.Time) ClaimsSetOption
- func WithPrivateClaim(name string, value any) ClaimsSetOption
- func WithSubject(sub string) ClaimsSetOption
- type PrivateClaims
- type VerifyOption
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrPrivateClaimIsNotFound = errors.New(`jwt: private claim is not found`) ErrVIsNotPointerOrInterface = errors.New(`jwt: v is not pointer or interface`) ErrPrivateClaimTypeIsNotMatch = errors.New(`jwt: private claim type is not match`) ErrAudienceIsNil = errors.New(`jwt: aud is nil`) ErrUnsupportedType = errors.New(`jwt: unsupported type`) )
View Source
var ( ErrTokenIsExpired = errors.New("jwt: token is expired") ErrTokenIsNotBefore = errors.New("jwt: token is not before") ErrAudienceIsNotMatch = errors.New("jwt: audience is not match") ErrIssuerIsNotMatch = errors.New("jwt: issuer is not match") )
View Source
var ErrInvalidJSON = errors.New("jwt: invalid JSON")
Functions ¶
func New ¶
func New(keyOpt jws.SigningKeyOption, header *jose.Header, claimsSet *ClaimsSet) (token string, err error)
New
Example:
token, err := jwt.New(
jws.WithHMACKey([]byte("YOUR_HMAC_KEY"),
jose.NewHeader(jwa.HS256, jose.WithType("JWT")),
jwt.NewClaimsSet(jwt.WithSubject("userID"), jwt.WithExpirationTime(time.Now().Add(1*time.Hour))),
)
func Sign ¶
func Sign(keyOpt jws.SigningKeyOption, header *jose.Header, claimsSet *ClaimsSet) (signingInput, signatureEncoded string, err error)
Sign
Example:
signingInput, signatureEncoded, err := jwt.Sign(
jws.WithHMACKey([]byte("YOUR_HMAC_KEY"),
jose.NewHeader(jwa.HS256, jose.WithType("JWT")),
jwt.NewClaimsSet(jwt.WithSubject("userID"), jwt.WithExpirationTime(time.Now().Add(1*time.Hour))),
)
Types ¶
type ClaimsSet ¶
type ClaimsSet struct {
// Issuer
//
// - ref. https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1
Issuer string `json:"iss,omitempty"`
// Subject
//
// The "sub" (subject) claim identifies the principal that is the
// subject of the JWT. The claims in a JWT are normally statements
// about the subject. The subject value MUST either be scoped to be
// locally unique in the context of the issuer or be globally unique.
// The processing of this claim is generally application specific. The
// "sub" value is a case-sensitive string containing a StringOrURI
// value. Use of this claim is OPTIONAL.
//
// - ref. https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2
Subject string `json:"sub,omitempty"`
// Audience
//
// The "aud" (audience) claim identifies the recipients that the JWT is
// intended for. Each principal intended to process the JWT MUST
// identify itself with a value in the audience claim. If the principal
// processing the claim does not identify itself with a value in the
// "aud" claim when this claim is present, then the JWT MUST be
// rejected. In the general case, the "aud" value is an array of case-
// sensitive strings, each containing a StringOrURI value. In the
// special case when the JWT has one audience, the "aud" value MAY be a
// single case-sensitive string containing a StringOrURI value. The
// interpretation of audience values is generally application specific.
// Use of this claim is OPTIONAL.
//
// - ref. https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3
Audience Audience `json:"aud,omitempty"`
// ExpirationTime
//
// The "exp" (expiration time) claim identifies the expiration time on
// or after which the JWT MUST NOT be accepted for processing. The
// processing of the "exp" claim requires that the current date/time
// MUST be before the expiration date/time listed in the "exp" claim.
// Implementers MAY provide for some small leeway, usually no more than
// a few minutes, to account for clock skew. Its value MUST be a number
// containing a NumericDate value. Use of this claim is OPTIONAL.
//
// - ref. https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4
ExpirationTime int64 `json:"exp,omitempty"`
// NotBefore
//
// The "nbf" (not before) claim identifies the time before which the JWT
// MUST NOT be accepted for processing. The processing of the "nbf"
// claim requires that the current date/time MUST be after or equal to
// the not-before date/time listed in the "nbf" claim. Implementers MAY
// provide for some small leeway, usually no more than a few minutes, to
// account for clock skew. Its value MUST be a number containing a
// NumericDate value. Use of this claim is OPTIONAL.
//
// - ref. https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5
NotBefore int64 `json:"nbf,omitempty"`
// IssuedAt
//
// - ref. https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6
IssuedAt int64 `json:"iat,omitempty"`
// JWTID
//
// - ref. https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7
JWTID string `json:"jti,omitempty"`
// PrivateClaims
//
// - ref. https://www.rfc-editor.org/rfc/rfc7519#section-4.3
PrivateClaims PrivateClaims `json:"-"`
}
ClaimsSet
- ref. JWT Claims - JSON Web Token (JWT) https://www.rfc-editor.org/rfc/rfc7519#section-4
func NewClaimsSet ¶
func NewClaimsSet(claims ...ClaimsSetOption) *ClaimsSet
NewClaimsSet
Example:
claimsSet := jwt.NewClaimsSet(
jwt.WithSubject("userID"),
jwt.WithExpirationTime(time.Now().Add(1*time.Hour)),
)
func Verify ¶
func Verify(keyOption jws.VerificationKeyOption, jwt string, opts ...VerifyOption) (header *jose.Header, claimsSet *ClaimsSet, err error)
Verify
Example:
header, claimsSet, err := jwt.Verify(
jws.UseHMACKey([]byte("YOUR_HMAC_KEY"),
token,
)
func (*ClaimsSet) GetPrivateClaim ¶
GetPrivateClaim
func (*ClaimsSet) MarshalJSON ¶
func (*ClaimsSet) SetPrivateClaim ¶
func (*ClaimsSet) UnmarshalJSON ¶
type ClaimsSetOption ¶
type ClaimsSetOption func(c *ClaimsSet)
func WithAudience ¶
func WithAudience(aud ...string) ClaimsSetOption
func WithExpirationTime ¶
func WithExpirationTime(exp time.Time) ClaimsSetOption
func WithIssuedAt ¶
func WithIssuedAt(iat time.Time) ClaimsSetOption
func WithIssuer ¶
func WithIssuer(iss string) ClaimsSetOption
func WithJWTID ¶
func WithJWTID(jti string) ClaimsSetOption
func WithNotBefore ¶
func WithNotBefore(nbf time.Time) ClaimsSetOption
func WithPrivateClaim ¶
func WithPrivateClaim(name string, value any) ClaimsSetOption
func WithSubject ¶
func WithSubject(sub string) ClaimsSetOption
type PrivateClaims ¶
type VerifyOption ¶
type VerifyOption func(*verifyOption)
func VerifyAudience ¶
func VerifyAudience(aud ...string) VerifyOption
func VerifyIssuer ¶
func VerifyIssuer(iss string) VerifyOption
func VerifyPrivateClaims ¶
func VerifyPrivateClaims(verifyPrivateClaimsFunc func(privateClaims PrivateClaims) error) VerifyOption
Source Files
Click to show internal directories.
Click to hide internal directories.