jwt

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 31, 2020 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package jwt implements JWTs per RFC 7519

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrTokenIsExpired is return when time.Now().Unix() is after
	// the token's "exp" claim.
	ErrTokenIsExpired = errors.New("token is expired")

	// ErrTokenNotYetValid is return when time.Now().Unix() is before
	// the token's "nbf" claim.
	ErrTokenNotYetValid = errors.New("token is not yet valid")

	// ErrInvalidISSClaim means the "iss" claim is invalid.
	ErrInvalidISSClaim = errors.New("claim \"iss\" is invalid")

	// ErrInvalidSUBClaim means the "sub" claim is invalid.
	ErrInvalidSUBClaim = errors.New("claim \"sub\" is invalid")

	// ErrInvalidIATClaim means the "iat" claim is invalid.
	ErrInvalidIATClaim = errors.New("claim \"iat\" is invalid")

	// ErrInvalidJTIClaim means the "jti" claim is invalid.
	ErrInvalidJTIClaim = errors.New("claim \"jti\" is invalid")

	// ErrInvalidAUDClaim means the "aud" claim is invalid.
	ErrInvalidAUDClaim = errors.New("claim \"aud\" is invalid")
)

Functions

func ValidAudience added in v1.1.0

func ValidAudience(a, b interface{}) bool

ValidAudience returns true iff:

  • a and b are strings and a == b
  • a is string, b is []string and a is in b
  • a is []string, b is []string and all of a is in b
  • a is []string, b is string and len(a) == 1 and a[0] == b

Types

type Claims

type Claims map[string]interface{}

Claims implements a set of JOSE Claims with the addition of some helper methods, similar to net/url.Values.

func (Claims) Audience added in v1.1.0

func (c Claims) Audience() ([]string, bool)

Audience retrieves claim "aud" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.3

func (Claims) Base64

func (c Claims) Base64() ([]byte, error)

Base64 implements the jose.Encoder interface.

func (Claims) Del

func (c Claims) Del(key string)

Del removes the value that corresponds with key from the Claims.

func (Claims) Expiration added in v1.1.0

func (c Claims) Expiration() (time.Time, bool)

Expiration retrieves claim "exp" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.4

func (Claims) Get

func (c Claims) Get(key string) interface{}

Get retrieves the value corresponding with key from the Claims.

func (Claims) GetTime added in v1.1.0

func (c Claims) GetTime(key string) (time.Time, bool)

GetTime returns a Unix timestamp for the given key.

It converts an int, int32, int64, uint, uint32, uint64 or float64 into a Unix timestamp (epoch seconds). float32 does not have sufficient precision to store a Unix timestamp.

Numeric values parsed from JSON will always be stored as float64 since Claims is a map[string]interface{}. However, the values may be stored directly in the claims as a different type.

func (Claims) Has

func (c Claims) Has(key string) bool

Has returns true if a value for the given key exists inside the Claims.

func (Claims) IssuedAt added in v1.1.0

func (c Claims) IssuedAt() (time.Time, bool)

IssuedAt retrieves claim "iat" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.6

func (Claims) Issuer added in v1.1.0

func (c Claims) Issuer() (string, bool)

Issuer retrieves claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.1

func (Claims) JWTID added in v1.1.0

func (c Claims) JWTID() (string, bool)

JWTID retrieves claim "jti" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.7

func (Claims) MarshalJSON

func (c Claims) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for Claims.

func (Claims) NotBefore added in v1.1.0

func (c Claims) NotBefore() (time.Time, bool)

NotBefore retrieves claim "nbf" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.5

func (Claims) RemoveAudience added in v1.1.0

func (c Claims) RemoveAudience()

RemoveAudience deletes claim "aud" from c.

func (Claims) RemoveExpiration added in v1.1.0

func (c Claims) RemoveExpiration()

RemoveExpiration deletes claim "exp" from c.

func (Claims) RemoveIssuedAt added in v1.1.0

func (c Claims) RemoveIssuedAt()

RemoveIssuedAt deletes claim "iat" from c.

func (Claims) RemoveIssuer added in v1.1.0

func (c Claims) RemoveIssuer()

RemoveIssuer deletes claim "iss" from c.

func (Claims) RemoveJWTID added in v1.1.0

func (c Claims) RemoveJWTID()

RemoveJWTID deletes claim "jti" from c.

func (Claims) RemoveNotBefore added in v1.1.0

func (c Claims) RemoveNotBefore()

RemoveNotBefore deletes claim "nbf" from c.

func (Claims) RemoveSubject added in v1.1.0

func (c Claims) RemoveSubject()

RemoveSubject deletes claim "sub" from c.

func (Claims) Set

func (c Claims) Set(key string, val interface{})

Set sets Claims[key] = val. It'll overwrite without warning.

func (Claims) SetAudience added in v1.1.0

func (c Claims) SetAudience(audience ...string)

SetAudience sets claim "aud" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.3

func (Claims) SetExpiration added in v1.1.0

func (c Claims) SetExpiration(expiration time.Time)

SetExpiration sets claim "exp" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.4

func (Claims) SetIssuedAt added in v1.1.0

func (c Claims) SetIssuedAt(issuedAt time.Time)

SetIssuedAt sets claim "iat" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.6

func (Claims) SetIssuer added in v1.1.0

func (c Claims) SetIssuer(issuer string)

SetIssuer sets claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.1

func (Claims) SetJWTID added in v1.1.0

func (c Claims) SetJWTID(uniqueID string)

SetJWTID sets claim "jti" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.7

func (Claims) SetNotBefore added in v1.1.0

func (c Claims) SetNotBefore(notBefore time.Time)

SetNotBefore sets claim "nbf" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.5

func (Claims) SetSubject added in v1.1.0

func (c Claims) SetSubject(subject string)

SetSubject sets claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.2

func (Claims) SetTime added in v1.1.0

func (c Claims) SetTime(key string, t time.Time)

SetTime stores a UNIX time for the given key.

func (Claims) Subject added in v1.1.0

func (c Claims) Subject() (string, bool)

Subject retrieves claim "sub" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.2

func (*Claims) UnmarshalJSON

func (c *Claims) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler for Claims.

func (Claims) Validate

func (c Claims) Validate(now time.Time, expLeeway, nbfLeeway time.Duration) error

Validate validates the Claims per the claims found in https://tools.ietf.org/html/rfc7519#section-4.1

type JWT

type JWT interface {
	// Claims returns the set of Claims.
	Claims() Claims

	// Validate returns an error describing any issues found while
	// validating the JWT. For info on the fn parameter, see the
	// comment on ValidateFunc.
	Validate(key interface{}, method crypto.SigningMethod, v ...*Validator) error

	// Serialize serializes the JWT into its on-the-wire
	// representation.
	Serialize(key interface{}) ([]byte, error)
}

JWT represents a JWT per RFC 7519. It's described as an interface instead of a physical structure because both JWS and JWEs can be JWTs. So, in order to use either, import one of those two packages and use their "NewJWT" (and other) functions.

type ValidateFunc

type ValidateFunc func(Claims) error

ValidateFunc is a function that provides access to the JWT and allows for custom validation. Keep in mind that the Verify methods in the JWS/JWE sibling packages call ValidateFunc *after* validating the JWS/JWE, but *before* any validation per the JWT RFC. Therefore, the ValidateFunc can be used to short-circuit verification, but cannot be used to circumvent the RFC. Custom JWT implementations are free to abuse this, but it is not recommended.

type Validator added in v1.1.0

type Validator struct {
	Expected Claims        // If non-nil, these are required to match.
	EXP      time.Duration // EXPLeeway
	NBF      time.Duration // NBFLeeway
	Fn       ValidateFunc  // See ValidateFunc for more information.
	// contains filtered or unexported fields
}

Validator represents some of the validation options.

func (*Validator) SetAudience added in v1.1.0

func (v *Validator) SetAudience(aud string)

SetAudience sets the "aud" claim per https://tools.ietf.org/html/rfc7519#section-4.1.3

func (*Validator) SetClaim added in v1.1.0

func (v *Validator) SetClaim(claim string, val interface{})

SetClaim sets the claim with the given val.

func (*Validator) SetExpiration added in v1.1.0

func (v *Validator) SetExpiration(exp time.Time)

SetExpiration sets the "exp" claim per https://tools.ietf.org/html/rfc7519#section-4.1.4

func (*Validator) SetIssuedAt added in v1.1.0

func (v *Validator) SetIssuedAt(iat time.Time)

SetIssuedAt sets the "iat" claim per https://tools.ietf.org/html/rfc7519#section-4.1.6

func (*Validator) SetIssuer added in v1.1.0

func (v *Validator) SetIssuer(iss string)

SetIssuer sets the "iss" claim per https://tools.ietf.org/html/rfc7519#section-4.1.1

func (*Validator) SetJWTID added in v1.1.0

func (v *Validator) SetJWTID(jti string)

SetJWTID sets the "jti" claim per https://tools.ietf.org/html/rfc7519#section-4.1.7

func (*Validator) SetNotBefore added in v1.1.0

func (v *Validator) SetNotBefore(nbf time.Time)

SetNotBefore sets the "nbf" claim per https://tools.ietf.org/html/rfc7519#section-4.1.5

func (*Validator) SetSubject added in v1.1.0

func (v *Validator) SetSubject(sub string)

SetSubject sets the "sub" claim per https://tools.ietf.org/html/rfc7519#section-4.1.2

func (*Validator) Validate added in v1.1.0

func (v *Validator) Validate(j JWT) error

Validate validates the JWT based on the expected claims in v. Note: it only validates the registered claims per https://tools.ietf.org/html/rfc7519#section-4.1

Custom claims should be validated using v's Fn member.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL