Documentation ¶
Overview ¶
Package jwt implements JWTs per RFC 7519.
Index ¶
- Variables
- func ValidAudience(a, b interface{}) bool
- type Claims
- func (c Claims) Audience() ([]string, bool)
- func (c Claims) Base64() ([]byte, error)
- func (c Claims) Del(key string)
- func (c Claims) Expiration() (time.Time, bool)
- func (c Claims) Get(key string) interface{}
- func (c Claims) GetTime(key string) (time.Time, bool)
- func (c Claims) Has(key string) bool
- func (c Claims) IssuedAt() (time.Time, bool)
- func (c Claims) Issuer() (string, bool)
- func (c Claims) JWTID() (string, bool)
- func (c Claims) MarshalJSON() ([]byte, error)
- func (c Claims) NotBefore() (time.Time, bool)
- func (c Claims) RemoveAudience()
- func (c Claims) RemoveExpiration()
- func (c Claims) RemoveIssuedAt()
- func (c Claims) RemoveIssuer()
- func (c Claims) RemoveJWTID()
- func (c Claims) RemoveNotBefore()
- func (c Claims) RemoveSubject()
- func (c Claims) Set(key string, val interface{})
- func (c Claims) SetAudience(audience ...string)
- func (c Claims) SetExpiration(expiration time.Time)
- func (c Claims) SetIssuedAt(issuedAt time.Time)
- func (c Claims) SetIssuer(issuer string)
- func (c Claims) SetJWTID(uniqueID string)
- func (c Claims) SetNotBefore(notBefore time.Time)
- func (c Claims) SetSubject(subject string)
- func (c Claims) SetTime(key string, t time.Time)
- func (c Claims) Subject() (string, bool)
- func (c *Claims) UnmarshalJSON(b []byte) error
- func (c Claims) Validate(now time.Time, expLeeway, nbfLeeway time.Duration) error
- type JWT
- type ValidateFunc
- type Validator
- func (v *Validator) SetAudience(aud string)
- func (v *Validator) SetClaim(claim string, val interface{})
- func (v *Validator) SetExpiration(exp time.Time)
- func (v *Validator) SetIssuedAt(iat time.Time)
- func (v *Validator) SetIssuer(iss string)
- func (v *Validator) SetJWTID(jti string)
- func (v *Validator) SetNotBefore(nbf time.Time)
- func (v *Validator) SetSubject(sub string)
- func (v *Validator) Validate(j JWT) error
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrTokenIsExpired is returned when time.Now().Unix() is after
	// the token's "exp" claim.
	ErrTokenIsExpired = errors.New("token is expired")

	// ErrTokenNotYetValid is returned when time.Now().Unix() is before
	// the token's "nbf" claim.
	ErrTokenNotYetValid = errors.New("token is not yet valid")

	// ErrInvalidISSClaim means the "iss" claim is invalid.
	ErrInvalidISSClaim = errors.New("claim \"iss\" is invalid")

	// ErrInvalidSUBClaim means the "sub" claim is invalid.
	ErrInvalidSUBClaim = errors.New("claim \"sub\" is invalid")

	// ErrInvalidIATClaim means the "iat" claim is invalid.
	ErrInvalidIATClaim = errors.New("claim \"iat\" is invalid")

	// ErrInvalidJTIClaim means the "jti" claim is invalid.
	ErrInvalidJTIClaim = errors.New("claim \"jti\" is invalid")

	// ErrInvalidAUDClaim means the "aud" claim is invalid.
	ErrInvalidAUDClaim = errors.New("claim \"aud\" is invalid")
)
Functions ¶
func ValidAudience ¶ added in v1.1.0
func ValidAudience(a, b interface{}) bool
ValidAudience returns true iff:
- a and b are strings and a == b
- a is string, b is []string and a is in b
- a is []string, b is []string and all of a is in b
- a is []string, b is string and len(a) == 1 and a[0] == b
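The four rules above as a stand-alone type switch. This is an added sketch, not the package's source; validAudience and contains are names chosen here. It follows the list literally, so an empty []string a matches any []string b, and any other type pair returns false.

```go
package main

import "fmt"

// validAudience is a literal reading of the four documented rules.
// Assumption of this sketch: every other type combination is rejected.
func validAudience(a, b interface{}) bool {
	switch a := a.(type) {
	case string:
		switch b := b.(type) {
		case string:
			return a == b // rule 1: both strings, equal
		case []string:
			return contains(b, a) // rule 2: a is a member of b
		}
	case []string:
		switch b := b.(type) {
		case string:
			return len(a) == 1 && a[0] == b // rule 4: single-element a equals b
		case []string:
			for _, v := range a { // rule 3: a is a subset of b
				if !contains(b, v) {
					return false
				}
			}
			return true
		}
	}
	return false
}

func contains(set []string, s string) bool {
	for _, v := range set {
		if v == s {
			return true
		}
	}
	return false
}

func main() {
	// Constructed audience values; the rules are not symmetric in a and b.
	fmt.Println(validAudience("api", []string{"api", "admin"}))
	fmt.Println(validAudience([]string{"api", "admin"}, "api"))
	fmt.Println(validAudience([]string{}, []string{"api"}))
}
```

Because the comparison is asymmetric, swapping the two arguments can turn a rejection into an acceptance, so the argument order deserves a check wherever the function is called.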
Types ¶
type Claims ¶
type Claims map[string]interface{}
Claims implements a set of JOSE Claims with the addition of some helper methods, similar to net/url.Values.
func (Claims) Audience ¶ added in v1.1.0
Audience retrieves claim "aud" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.3
func (Claims) Expiration ¶ added in v1.1.0
Expiration retrieves claim "exp" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.4
func (Claims) GetTime ¶ added in v1.1.0
GetTime returns a Unix timestamp for the given key.
It converts an int, int32, int64, uint, uint32, uint64 or float64 into a Unix timestamp (epoch seconds). float32 does not have sufficient precision to store a Unix timestamp.
Numeric values parsed from JSON will always be stored as float64 since Claims is a map[string]interface{}. However, the values may be stored directly in the claims as a different type.
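An added example, not code from this package: toTime follows the conversion rules described for GetTime, and checkWindow applies "exp" and "nbf" with the two leeways that Claims.Validate accepts. The helper names, the sample payload, and the assumption that each leeway widens the validity window are this example's own.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var errExpired, errNotYetValid = errors.New("token is expired"), errors.New("token is not yet valid")

// toTime accepts the integer types and float64 as epoch seconds; float32,
// strings and missing claims (nil) are rejected.
func toTime(v interface{}) (time.Time, bool) {
	switch n := v.(type) {
	case int:
		return time.Unix(int64(n), 0), true
	case int32:
		return time.Unix(int64(n), 0), true
	case int64:
		return time.Unix(n, 0), true
	case uint:
		return time.Unix(int64(n), 0), true
	case uint32:
		return time.Unix(int64(n), 0), true
	case uint64:
		return time.Unix(int64(n), 0), true
	case float64: // what encoding/json produces for every JSON number
		return time.Unix(int64(n), 0), true
	}
	return time.Time{}, false
}

// checkWindow: assumed semantics, each leeway widens the window; absent claims are skipped.
func checkWindow(c map[string]interface{}, now time.Time, expLeeway, nbfLeeway time.Duration) error {
	if exp, ok := toTime(c["exp"]); ok && now.After(exp.Add(expLeeway)) {
		return errExpired
	}
	if nbf, ok := toTime(c["nbf"]); ok && now.Before(nbf.Add(-nbfLeeway)) {
		return errNotYetValid
	}
	return nil
}

func main() {
	var c map[string]interface{}
	_ = json.Unmarshal([]byte(`{"nbf":1700000000,"exp":1700000600}`), &c) // constructed payload
	now := time.Unix(1700000630, 0)                                       // 30s past "exp"
	fmt.Println(checkWindow(c, now, 0, 0), checkWindow(c, now, time.Minute, 0))
}
```

A token that carries neither claim passes this check, so a caller that requires an expiry has to test for the claim's presence separately.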
func (Claims) IssuedAt ¶ added in v1.1.0
IssuedAt retrieves claim "iat" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.6
func (Claims) Issuer ¶ added in v1.1.0
Issuer retrieves claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.1
func (Claims) JWTID ¶ added in v1.1.0
JWTID retrieves claim "jti" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.7
func (Claims) MarshalJSON ¶
MarshalJSON implements json.Marshaler for Claims.
func (Claims) NotBefore ¶ added in v1.1.0
NotBefore retrieves claim "nbf" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.5
func (Claims) RemoveAudience ¶ added in v1.1.0
func (c Claims) RemoveAudience()
RemoveAudience deletes claim "aud" from c.
func (Claims) RemoveExpiration ¶ added in v1.1.0
func (c Claims) RemoveExpiration()
RemoveExpiration deletes claim "exp" from c.
func (Claims) RemoveIssuedAt ¶ added in v1.1.0
func (c Claims) RemoveIssuedAt()
RemoveIssuedAt deletes claim "iat" from c.
func (Claims) RemoveIssuer ¶ added in v1.1.0
func (c Claims) RemoveIssuer()
RemoveIssuer deletes claim "iss" from c.
func (Claims) RemoveJWTID ¶ added in v1.1.0
func (c Claims) RemoveJWTID()
RemoveJWTID deletes claim "jti" from c.
func (Claims) RemoveNotBefore ¶ added in v1.1.0
func (c Claims) RemoveNotBefore()
RemoveNotBefore deletes claim "nbf" from c.
func (Claims) RemoveSubject ¶ added in v1.1.0
func (c Claims) RemoveSubject()
RemoveSubject deletes claim "sub" from c.
func (Claims) SetAudience ¶ added in v1.1.0
SetAudience sets claim "aud" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.3
func (Claims) SetExpiration ¶ added in v1.1.0
SetExpiration sets claim "exp" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.4
func (Claims) SetIssuedAt ¶ added in v1.1.0
SetIssuedAt sets claim "iat" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.6
func (Claims) SetIssuer ¶ added in v1.1.0
SetIssuer sets claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.1
func (Claims) SetJWTID ¶ added in v1.1.0
SetJWTID sets claim "jti" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.7
func (Claims) SetNotBefore ¶ added in v1.1.0
SetNotBefore sets claim "nbf" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.5
func (Claims) SetSubject ¶ added in v1.1.0
SetSubject sets claim "sub" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.2
func (Claims) Subject ¶ added in v1.1.0
Subject retrieves claim "sub" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.2
func (*Claims) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler for Claims.
type JWT ¶
type JWT interface {
	// Claims returns the set of Claims.
	Claims() Claims

	// Validate returns an error describing any issues found while
	// validating the JWT. For info on the fn parameter, see the
	// comment on ValidateFunc.
	Validate(key interface{}, method crypto.SigningMethod, v ...*Validator) error

	// Serialize serializes the JWT into its on-the-wire
	// representation.
	Serialize(key interface{}) ([]byte, error)
}
JWT represents a JWT per RFC 7519. It's described as an interface instead of a physical structure because both JWS and JWEs can be JWTs. So, in order to use either, import one of those two packages and use their "NewJWT" (and other) functions.
type ValidateFunc ¶
ValidateFunc is a function that provides access to the JWT and allows for custom validation. Keep in mind that the Verify methods in the JWS/JWE sibling packages call ValidateFunc *after* validating the JWS/JWE, but *before* any validation per the JWT RFC. Therefore, the ValidateFunc can be used to short-circuit verification, but cannot be used to circumvent the RFC. Custom JWT implementations are free to abuse this, but it is not recommended.
type Validator ¶ added in v1.1.0
type Validator struct {
	Expected Claims        // If non-nil, these are required to match.
	EXP      time.Duration // EXPLeeway
	NBF      time.Duration // NBFLeeway
	Fn       ValidateFunc  // See ValidateFunc for more information.
	// contains filtered or unexported fields
}
Validator represents some of the validation options.
func (*Validator) SetAudience ¶ added in v1.1.0
SetAudience sets the "aud" claim per https://tools.ietf.org/html/rfc7519#section-4.1.3
func (*Validator) SetExpiration ¶ added in v1.1.0
SetExpiration sets the "exp" claim per https://tools.ietf.org/html/rfc7519#section-4.1.4
func (*Validator) SetIssuedAt ¶ added in v1.1.0
SetIssuedAt sets the "iat" claim per https://tools.ietf.org/html/rfc7519#section-4.1.6
func (*Validator) SetIssuer ¶ added in v1.1.0
SetIssuer sets the "iss" claim per https://tools.ietf.org/html/rfc7519#section-4.1.1
func (*Validator) SetJWTID ¶ added in v1.1.0
SetJWTID sets the "jti" claim per https://tools.ietf.org/html/rfc7519#section-4.1.7
func (*Validator) SetNotBefore ¶ added in v1.1.0
SetNotBefore sets the "nbf" claim per https://tools.ietf.org/html/rfc7519#section-4.1.5
func (*Validator) SetSubject ¶ added in v1.1.0
SetSubject sets the "sub" claim per https://tools.ietf.org/html/rfc7519#section-4.1.2
func (*Validator) Validate ¶ added in v1.1.0
Validate validates the JWT based on the expected claims in v. Note: it only validates the registered claims per https://tools.ietf.org/html/rfc7519#section-4.1
Custom claims should be validated using v's Fn member.