Documentation
Overview
Package paseto provides a Go implementation of PASETO, a secure alternative to the JOSE standards (JWT, JWE, JWS). See https://paseto.io/
Index
- Constants
- Variables
- func GetTokenInfo(token string) (Version, Purpose, error)
- func ParseFooter(token string, footer interface{}) error
- type JSONToken
- type Protocol
- type Purpose
- type V1
- func (p *V1) Decrypt(token string, key []byte, payload interface{}, footer interface{}) error
- func (p *V1) Encrypt(key []byte, payload interface{}, footer interface{}) (string, error)
- func (p *V1) Sign(privateKey crypto.PrivateKey, payload interface{}, footer interface{}) (string, error)
- func (p *V1) Verify(token string, publicKey crypto.PublicKey, payload interface{}, ...) error
- type V2
- func (*V2) Decrypt(token string, key []byte, payload interface{}, footer interface{}) error
- func (p *V2) Encrypt(key []byte, payload interface{}, footer interface{}) (string, error)
- func (*V2) Sign(privateKey crypto.PrivateKey, payload interface{}, footer interface{}) (string, error)
- func (*V2) Verify(token string, publicKey crypto.PublicKey, payload interface{}, ...) error
- type Validator
- type Version
Constants
const (
	// Version1 defines protocol version 1
	Version1 = Version("v1")
	// Version2 defines protocol version 2
	Version2 = Version("v2")
)
Variables
var (
	// ErrUnsupportedTokenVersion unsupported parser version
	ErrUnsupportedTokenVersion = errors.New("unsupported parser version")
	// ErrUnsupportedTokenType unsupported token type
	ErrUnsupportedTokenType = errors.New("unsupported token type")
	// ErrIncorrectPrivateKeyType incorrect private key type
	ErrIncorrectPrivateKeyType = errors.New("incorrect private key type")
	// ErrIncorrectPublicKeyType incorrect public key type
	ErrIncorrectPublicKeyType = errors.New("incorrect public key type")
	// ErrPublicKeyNotFound public key for this version not found
	ErrPublicKeyNotFound = errors.New("public key for this version not found")
	// ErrIncorrectTokenFormat incorrect token format
	ErrIncorrectTokenFormat = errors.New("incorrect token format")
	// ErrIncorrectTokenHeader incorrect token header
	ErrIncorrectTokenHeader = errors.New("incorrect token header")
	// ErrInvalidTokenAuth invalid token authentication
	ErrInvalidTokenAuth = errors.New("invalid token authentication")
	// ErrInvalidSignature invalid signature
	ErrInvalidSignature = errors.New("invalid signature")
	// ErrDataUnmarshal can't unmarshal token data to the given type of value
	ErrDataUnmarshal = errors.New("can't unmarshal token data to the given type of value")
	// ErrTokenValidationError invalid token data
	ErrTokenValidationError = errors.New("token validation error")
)
Functions
func GetTokenInfo
GetTokenInfo returns the token version (paseto.Version1 or paseto.Version2) and purpose (paseto.LOCAL or paseto.PUBLIC).
func ParseFooter
ParseFooter parses the footer from the token and returns it.
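The token layout that GetTokenInfo and ParseFooter operate on is version.purpose.payload[.footer], each segment after the header being base64url without padding. The following is an added example in standard-library Go, not the package's own code: splitToken, parseFooter, the two error variables and the sample token are this example's own constructions that mirror the documented names.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var errIncorrectTokenFormat = errors.New("incorrect token format")
var errIncorrectTokenHeader = errors.New("incorrect token header")
// sampleToken is constructed for this example: the payload is base64url("placeholder"),
// not real ciphertext, and the footer is the JSON object {"kid":"key-2"}.
const sampleToken = "v2.local.cGxhY2Vob2xkZXI.eyJraWQiOiJrZXktMiJ9"
// splitToken enforces the layout version.purpose.payload[.footer]; the payload
// stays opaque until the version-specific Decrypt or Verify has run.
func splitToken(token string) (version, purpose, payload, footer string, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 && len(parts) != 4 {
		return "", "", "", "", errIncorrectTokenFormat
	}
	version, purpose, payload = parts[0], parts[1], parts[2]
	if (version != "v1" && version != "v2") || (purpose != "local" && purpose != "public") {
		return "", "", "", "", errIncorrectTokenHeader
	}
	if len(parts) == 4 {
		footer = parts[3]
	}
	return version, purpose, payload, footer, nil
}

// parseFooter decodes the footer (base64url, no padding) into dst. The footer is
// readable without any key, so nothing in it is trustworthy until Decrypt/Verify has succeeded.
func parseFooter(token string, dst interface{}) error {
	_, _, _, rawFooter, err := splitToken(token)
	if err != nil || rawFooter == "" {
		return err // an absent footer is not an error
	}
	decoded, err := base64.RawURLEncoding.DecodeString(rawFooter)
	if err != nil {
		return errIncorrectTokenFormat
	}
	return json.Unmarshal(decoded, dst)
}

func main() {
	var f map[string]string
	fmt.Println(parseFooter(sampleToken, &f), f["kid"]) // <nil> key-2
}
```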
Types
type JSONToken (added in v0.2.0)
type JSONToken struct {
	// Audience identifies the intended recipients of the token.
	// It should be a string or a URI and is case sensitive.
	Audience string
	// Issuer identifies the entity which issued the token.
	// It should be a string or a URI and is case sensitive.
	Issuer string
	// JTI is a globally unique identifier for the token. It must be created in
	// such a way as to ensure that there is negligible probability that the same
	// value will be used in another token.
	Jti string
	// Subject identifies the principal entity that is the subject of the token.
	// For example, for an authentication token, the subject might be the user ID
	// of a person.
	Subject string
	// Expiration is a time on or after which the token must not be accepted for processing.
	Expiration time.Time
	// IssuedAt is the time at which the token was issued.
	IssuedAt time.Time
	// NotBefore is a time on or before which the token must not be accepted for
	// processing.
	NotBefore time.Time
	// contains filtered or unexported fields
}
JSONToken defines standard token payload claims and allows for additional claims to be added. All of the standard claims are optional.
func (*JSONToken) Get (added in v0.2.0)
Get returns the value of a custom claim, as a string. If there is no such claim, an empty string is returned.
func (JSONToken) MarshalJSON (added in v0.2.0)
MarshalJSON implements the json.Marshaler interface.
func (*JSONToken) Set (added in v0.2.0)
Set sets the value of a custom claim to the string value provided.
func (*JSONToken) UnmarshalJSON (added in v0.2.0)
UnmarshalJSON implements the json.Unmarshaler interface.
type Protocol
type Protocol interface {
	// Encrypt encrypts a token with a symmetric key. The key should be a byte
	// slice of 32 bytes, regardless of whether PASETO v1 or v2 is being used.
	Encrypt(key []byte, payload interface{}, footer interface{}) (string, error)
	// Decrypt decrypts a token which was encrypted with a symmetric key.
	Decrypt(token string, key []byte, payload interface{}, footer interface{}) error
	// Sign signs a token with the given private key. For PASETO v1, the key should
	// be an rsa.PrivateKey. For v2, the key should be an ed25519.PrivateKey.
	Sign(privateKey crypto.PrivateKey, payload interface{}, footer interface{}) (string, error)
	// Verify verifies a token against the given public key. For PASETO v1, the
	// key should be an rsa.PublicKey. For v2, the key should be an
	// ed25519.PublicKey.
	Verify(token string, publicKey crypto.PublicKey, value interface{}, footer interface{}) error
}
Protocol defines the PASETO token protocol interface.
type V1
type V1 struct {
// contains filtered or unexported fields
}
V1 is a v1 implementation of PASETO tokens.
func NewV1
func NewV1() *V1
NewV1 returns a v1 implementation of PASETO tokens. You should not use PASETO v1 unless you need interoperability with legacy systems that cannot use modern cryptography.
type V2
type V2 struct {
// contains filtered or unexported fields
}
V2 is a v2 implementation of PASETO tokens.
type Validator (added in v0.2.0)
Validator defines a JSONToken validator function.
func ForAudience (added in v0.2.0)
ForAudience validates that the JSONToken audience has the specified value.
func IdentifiedBy (added in v0.2.0)
IdentifiedBy validates that the JSONToken JTI has the specified value.
func IssuedBy (added in v0.2.0)
IssuedBy validates that the JSONToken issuer has the specified value.
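How validators of the documented Validator shape compose, and how the JSONToken Expiration and NotBefore claims are enforced with the inclusive "on or after" / "on or before" boundaries stated above. This is an added example, not the package's own code: jsonToken, validator and forAudience are this example's stand-ins for the documented JSONToken, Validator and ForAudience, and validAt and validate are checks the example adds.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// jsonToken is a constructed stand-in for paseto.JSONToken with only the claims this example checks.
type jsonToken struct {
	Audience   string
	Expiration time.Time
	NotBefore  time.Time
}
// validator mirrors the package's Validator shape: nil means the claim is acceptable.
type validator func(tok *jsonToken) error
var errTokenValidation = errors.New("token validation error")
// forAudience rejects a mismatched audience; IssuedBy and IdentifiedBy have the same shape.
func forAudience(aud string) validator {
	return func(t *jsonToken) error {
		if t.Audience != aud {
			return fmt.Errorf("%w: audience %q, want %q", errTokenValidation, t.Audience, aud)
		}
		return nil
	}
}
// validAt rejects a token when now is on or after Expiration or on or before NotBefore
// (the inclusive boundaries the claim documentation states); a zero claim is optional and skipped.
func validAt(now time.Time) validator {
	return func(t *jsonToken) error {
		if (!t.Expiration.IsZero() && !now.Before(t.Expiration)) ||
			(!t.NotBefore.IsZero() && !now.After(t.NotBefore)) {
			return fmt.Errorf("%w: not valid at %s", errTokenValidation, now.UTC().Format(time.RFC3339))
		}
		return nil
	}
}
// validate applies every validator in order and reports the first failure.
func validate(tok *jsonToken, vs ...validator) error {
	for _, v := range vs {
		if err := v(tok); err != nil {
			return err
		}
	}
	return nil
}
func main() {
	tok := &jsonToken{Audience: "api", Expiration: time.Now().Add(time.Hour)}
	fmt.Println(validate(tok, forAudience("api"), validAt(time.Now()))) // <nil>
}
```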
type Version
type Version string
Version defines the token version.
func Parse
func Parse(token string, payload interface{}, footer interface{}, symmetricKey []byte, publicKeys map[Version]crypto.PublicKey) (Version, error)
Parse extracts the payload and footer from the token by calling either Decrypt() or Verify(), depending on whether the token's purpose is local (symmetrically encrypted) or public. To parse public tokens you need to provide a map containing v1 and/or v2 public keys, depending on the version of the token. To parse local tokens you need to provide the symmetric key.