server

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 9, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const FakeAudience = "example-users"
View Source
const FakeIssuer = "fake-issuer"
View Source
const JWTClaimsContextKey = "jwt_claims"
View Source
const KeyID = `fake-key-id`
View Source
const PermissionsClaim = "perm"
View Source
const PrivateKey = `` /* 226-byte string literal not displayed */

PrivateKey is an ECDSA private key which was generated with the following command:

openssl ecparam -name prime256v1 -genkey -noout -out ecprivatekey.pem

We are using a hard coded key here in this example, but in real applications, you would never do this. Your JWT signing key must never be in your application, only the public key.

Variables

View Source
var (
	ErrNoAuthHeader      = errors.New("Authorization header is missing")
	ErrInvalidAuthHeader = errors.New("Authorization header is malformed")
	ErrClaimsInvalid     = errors.New("Provided claims do not match expected scopes")
)

Functions

func Authenticate

Authenticate uses the specified validator to ensure a JWT is valid, then makes sure that the claims provided by the JWT match the scopes as required in the API.

func CheckTokenClaims

func CheckTokenClaims(expectedClaims []string, t jwt.Token) error

func CreateMiddleware

func CreateMiddleware(v JWSValidator) ([]echo.MiddlewareFunc, error)

func GetClaimsFromToken

func GetClaimsFromToken(t jwt.Token) ([]string, error)

GetClaimsFromToken returns a list of claims from the token. We store these as a list under the "perms" claim, short for permissions, to keep the token shorter.

func GetJWSFromRequest

func GetJWSFromRequest(req *http.Request) (string, error)

GetJWSFromRequest extracts a JWS string from an Authorization: Bearer <jws> header

func NewServer

func NewServer() *server

Types

type FakeAuthenticator

type FakeAuthenticator struct {
	PrivateKey *ecdsa.PrivateKey
	KeySet     jwk.Set
}

func NewFakeAuthenticator

func NewFakeAuthenticator() (*FakeAuthenticator, error)

NewFakeAuthenticator creates an authenticator example which uses a hard coded ECDSA key to validate JWT's that it has signed itself.

func (*FakeAuthenticator) CreateJWSWithClaims

func (f *FakeAuthenticator) CreateJWSWithClaims(claims []string) ([]byte, error)

CreateJWSWithClaims is a helper function to create JWT's with the specified claims.

func (*FakeAuthenticator) SignToken

func (f *FakeAuthenticator) SignToken(t jwt.Token) ([]byte, error)

SignToken takes a JWT and signs it with our private key, returning a JWS.

func (*FakeAuthenticator) ValidateJWS

func (f *FakeAuthenticator) ValidateJWS(jwsString string) (jwt.Token, error)

ValidateJWS ensures that the critical JWT claims needed to ensure that we trust the JWT are present and with the correct values.

type JWSValidator

type JWSValidator interface {
	ValidateJWS(jws string) (jwt.Token, error)
}

JWSValidator is used to validate JWS payloads and return a JWT if they're valid

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL