jwtkms

package

v2.0.0-...-c23704d Latest Latest Go to latest Published: Feb 4, 2025 License: MIT Imports: 12 Imported by: 6

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/matelang/jwt-go-aws-kms

Documentation ¶

Overview ¶

Package jwtkms provides an AWS KMS(Key Management Service) adapter to be used with the popular GoLang JWT library

Importing this package will auto register the provided SigningMethods and make them available for use. Make sure to use a keyConfig with a keyId that provides the requested SigningMethod's algorithm for Sign/Verify.

By default JWT signature verification will happen by downloading and caching the public key of the KMS key, but you can also set verifyWithKMS to true if you want the KMS to verify the signature instead.

Index ¶

type Config
- func NewKMSConfig(client KMSClient, keyID string, verify bool) *Config
- func (c *Config) WithContext(ctx context.Context) *Config
type KMSClient
type KMSSigningMethod

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	// contains filtered or unexported fields
}

Config is a struct to be passed to token signing/verification.

func NewKMSConfig ¶

func NewKMSConfig(client KMSClient, keyID string, verify bool) *Config

NewKMSConfig create a new Config with specified parameters.

func (*Config) WithContext ¶

func (c *Config) WithContext(ctx context.Context) *Config

WithContext returns a copy of Config with context.

type KMSClient ¶

type KMSClient interface {
	Sign(ctx context.Context, in *kms.SignInput, optFns ...func(*kms.Options)) (*kms.SignOutput, error)
	Verify(ctx context.Context, in *kms.VerifyInput, optFns ...func(*kms.Options)) (*kms.VerifyOutput, error)
	GetPublicKey(ctx context.Context, in *kms.GetPublicKeyInput, optFns ...func(*kms.Options)) (*kms.GetPublicKeyOutput, error)
}

KMSClient is the subset of `*kms.Client` functionality used when signing and verifying JWTs. It is an interface here so users do not need to depend on the full-sized `*kms.Client` object and can substitute their own implementation.

type KMSSigningMethod ¶

type KMSSigningMethod struct {
	// contains filtered or unexported fields
}

KMSSigningMethod is a jwt.SigningMethod that uses AWS KMS to sign JWT tokens.

var (
	SigningMethodECDSA256 *KMSSigningMethod
	SigningMethodECDSA384 *KMSSigningMethod
	SigningMethodECDSA512 *KMSSigningMethod

	SigningMethodRS256 *KMSSigningMethod
	SigningMethodRS384 *KMSSigningMethod
	SigningMethodRS512 *KMSSigningMethod

	SigningMethodPS256 *KMSSigningMethod
	SigningMethodPS384 *KMSSigningMethod
	SigningMethodPS512 *KMSSigningMethod
)

func (*KMSSigningMethod) Alg ¶

func (m *KMSSigningMethod) Alg() string

func (*KMSSigningMethod) Sign ¶

func (m *KMSSigningMethod) Sign(signingString string, keyConfig interface{}) ([]byte, error)

func (*KMSSigningMethod) Verify ¶

func (m *KMSSigningMethod) Verify(signingString string, sig []byte, keyConfig interface{}) (err error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
internal
mockkms Package mockkms provides a partial implementation of AWS' KMS interface sufficient to satisfy the KMSClient interface.	Package mockkms provides a partial implementation of AWS' KMS interface sufficient to satisfy the KMSClient interface.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL