Documentation
Index
- func CompactPKToken(tokens [][]byte, freshIDToken []byte) ([]byte, error)
- func SplitCompactPKToken(pktCom []byte) ([][]byte, []byte, error)
- type CosignerClaims
- type PKToken
- func (p *PKToken) AddSignature(token []byte, sigType SignatureType) error
- func (p *PKToken) Compact() ([]byte, error)
- func (p *PKToken) DeepCopy() (*PKToken, error)
- func (p *PKToken) GetCicValues() (*clientinstance.Claims, error)
- func (p *PKToken) Hash() (string, error)
- func (p *PKToken) Issuer() (string, error)
- func (p *PKToken) MarshalJSON() ([]byte, error)
- func (p *PKToken) NewSignedMessage(content []byte, signer crypto.Signer) ([]byte, error)
- func (p *PKToken) ParseCosignerClaims() (*CosignerClaims, error)
- func (p *PKToken) ProviderAlgorithm() (jwa.SignatureAlgorithm, bool)
- func (p *PKToken) SignToken(signer crypto.Signer, alg jwa.KeyAlgorithm, protected map[string]any) ([]byte, error)
- func (p *PKToken) UnmarshalJSON(data []byte) error
- func (p *PKToken) VerifySignedMessage(osm []byte) ([]byte, error)
- type Signature
- type SignatureType
Constants
This section is empty. (The SignatureType constants OIDC, CIC and COS are listed with their type below.)
Variables
This section is empty.
Functions
func CompactPKToken added in v0.3.1
func CompactPKToken(tokens [][]byte, freshIDToken []byte) ([]byte, error)
CompactPKToken creates a compact representation of a PK Token from a list of tokens and the refreshed ID Token, if any.
func SplitCompactPKToken added in v0.3.1
func SplitCompactPKToken(pktCom []byte) ([][]byte, []byte, error)
SplitCompactPKToken is the inverse of CompactPKToken: it splits a compact PK Token (pktCom) back into its list of tokens and the refreshed ID Token, mirroring the arguments CompactPKToken takes.
Types
type CosignerClaims added in v0.2.0
type CosignerClaims struct {
    Issuer      string `json:"iss"`
    KeyID       string `json:"kid"`
    Algorithm   string `json:"alg"`
    AuthID      string `json:"eid"`
    AuthTime    int64  `json:"auth_time"`
    IssuedAt    int64  `json:"iat"` // may differ from auth_time because of refresh
    Expiration  int64  `json:"exp"`
    RedirectURI string `json:"ruri"`
    Nonce       string `json:"nonce"`
    Typ         string `json:"typ"`
}
type PKToken
type PKToken struct {
    Payload []byte     // decoded payload
    Op      *Signature // Provider Signature
    Cic     *Signature // Client Signature
    Cos     *Signature // Cosigner Signature

    // We keep the tokens around as unmarshalled values can no longer be verified
    OpToken  []byte // Base64 encoded ID Token signed by the OP
    CicToken []byte // Base64 encoded Token signed by the Client
    CosToken []byte // Base64 encoded Token signed by the Cosigner

    // FreshIDToken is the refreshed ID Token. It has a different payload from
    // other tokens and must be handled separately.
    // It is only used for POP Authentication
    FreshIDToken []byte // Base64 encoded Refreshed ID Token
    // contains filtered or unexported fields
}
func New
New creates a new PKToken from an ID Token and a CIC Token. It adds signatures for both tokens to the PK Token and returns the PK Token.
func NewFromCompact added in v0.3.1
NewFromCompact creates a PK Token from a compact representation.
func (*PKToken) AddSignature
func (p *PKToken) AddSignature(token []byte, sigType SignatureType) error
AddSignature adds a signature to the PKToken under the given signature type. It takes the raw token (a compact-serialized JWS) and a signature type, and returns an error if the signature cannot be added.
The caller passes the token bytes, not a pre-parsed signature: the token is parsed with jws.Parse into a jws.Message, and the signature obtained from that message (its Signatures method) is what gets stored.
Three signature types are supported: OIDC, CIC, and COS, one for each JWT in the PK Token. Depending on the type, the function sets the matching signature field of the PKToken struct (Op, Cic, or Cos) to the parsed signature and the matching token field (OpToken, CicToken, or CosToken) to the token byte slice it was given. The raw token is kept because a JWS signature covers the exact encoded bytes; a re-serialized copy cannot be verified.
If the signature type is not recognized, an error is returned.
func (*PKToken) DeepCopy added in v0.4.0
DeepCopy creates a complete and independent copy of this PKToken,
func (*PKToken) GetCicValues
func (p *PKToken) GetCicValues() (*clientinstance.Claims, error)
func (*PKToken) Issuer added in v0.3.0
Issuer returns the issuer of the ID Token in the PKToken. It extracts the issuer from the PKToken payload and returns it as a string.
func (*PKToken) MarshalJSON
func (*PKToken) NewSignedMessage
NewSignedMessage signs a message with the signer provided. The signed message is OSM (OpenPubkey Signed Message) which is a type of JWS (JSON Web Signature). OSMs commit to the PK Token which was used to generate the OSM.
func (*PKToken) ParseCosignerClaims added in v0.3.0
func (p *PKToken) ParseCosignerClaims() (*CosignerClaims, error)
func (*PKToken) ProviderAlgorithm added in v0.3.0
func (p *PKToken) ProviderAlgorithm() (jwa.SignatureAlgorithm, bool)
func (*PKToken) SignToken added in v0.3.0
func (p *PKToken) SignToken(
    signer crypto.Signer,
    alg jwa.KeyAlgorithm,
    protected map[string]any,
) ([]byte, error)
SignToken signs the PK Token with the given signer and algorithm, using the supplied protected header values, and returns just the resulting header, payload and signature as a compact JWT (a single-signature token, not the full PK Token).
func (*PKToken) UnmarshalJSON
func (*PKToken) VerifySignedMessage
VerifySignedMessage verifies an OSM (OpenPubkey Signed Message) using the public key in this PK Token. If verification succeeds, it returns the content of the signed message; otherwise it returns an error explaining why verification failed.
Note: VerifySignedMessage does not check that the PK Token itself is valid. Always verify the PK Token before calling VerifySignedMessage.
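The OSM flow described above (NewSignedMessage producing a JWS that commits to the PK Token, VerifySignedMessage checking that commitment and the signature against the public key held in the PK Token, and the note that the PK Token itself is not validated) as a stand-alone Go example. This is example code written for this page, not the openpubkey project's implementation: it is stdlib-only, so a small compact-JWS parser stands in for the jws package and Ed25519/EdDSA stands in for the algorithms a real OP uses; the header names `typ: "osm"` and `pkt`, the OKP-JWK form of `upk` in the CIC header, the Hash construction (SHA-256 over the raw tokens), and the keys and claims in NewDemoPKToken are all assumptions of the example. The raw OpToken and CicToken are retained, as the PKToken struct comment says, because both the hash and the signature check operate on the exact encoded bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type Signature struct {
	Protected map[string]any
	Sig       []byte
}

// PKToken keeps raw tokens beside parsed signatures: a JWS signature covers the exact encoded bytes.
type PKToken struct {
	Cic               *Signature
	OpToken, CicToken []byte
}

var b64 = base64.RawURLEncoding

// parseJWS decodes a compact JWS (header.payload.signature) into its three parts.
func parseJWS(token []byte) (sig *Signature, payload []byte, err error) {
	parts := strings.Split(string(token), ".")
	if len(parts) != 3 {
		return nil, nil, fmt.Errorf("expected 3 JWS segments, got %d", len(parts))
	}
	var raw [3][]byte
	for i := range parts {
		if raw[i], err = b64.DecodeString(parts[i]); err != nil {
			return nil, nil, fmt.Errorf("segment %d: %w", i, err)
		}
	}
	sig = &Signature{Sig: raw[2]}
	return sig, raw[1], json.Unmarshal(raw[0], &sig.Protected)
}

// signJWS builds a compact EdDSA JWS over payload with the given protected header.
func signJWS(priv ed25519.PrivateKey, protected map[string]any, payload []byte) []byte {
	hdr, _ := json.Marshal(protected)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(payload)
	return []byte(input + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(input))))
}

// Hash commits to this PK Token; the construction (SHA-256 over the raw tokens) is assumed.
func (p *PKToken) Hash() string {
	h := sha256.Sum256([]byte(string(p.OpToken) + ":" + string(p.CicToken)))
	return b64.EncodeToString(h[:])
}

// NewSignedMessage creates an OSM: a JWS over content whose header carries this PK Token's hash (assumed names).
func (p *PKToken) NewSignedMessage(content []byte, priv ed25519.PrivateKey) []byte {
	return signJWS(priv, map[string]any{"alg": "EdDSA", "typ": "osm", "pkt": p.Hash()}, content)
}

// VerifySignedMessage checks that osm commits to this PK Token, pins the alg, and verifies the
// signature under the user's key from the CIC header ("upk", assumed to be an OKP JWK).
// It does NOT validate the PK Token itself: verify the PK Token before trusting the result.
func (p *PKToken) VerifySignedMessage(osm []byte) ([]byte, error) {
	sig, content, err := parseJWS(osm)
	if err != nil {
		return nil, err
	}
	if p.Cic == nil || sig.Protected["alg"] != "EdDSA" || sig.Protected["pkt"] != p.Hash() {
		return nil, fmt.Errorf("missing CIC, unexpected alg, or OSM does not commit to this PK Token")
	}
	jwk, _ := p.Cic.Protected["upk"].(map[string]any)
	x, _ := jwk["x"].(string)
	pub, err := b64.DecodeString(x)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return nil, fmt.Errorf("CIC header carries no usable Ed25519 upk")
	}
	signingInput := string(osm)[:strings.LastIndexByte(string(osm), '.')]
	if !ed25519.Verify(pub, []byte(signingInput), sig.Sig) {
		return nil, fmt.Errorf("OSM signature does not verify under upk")
	}
	return content, nil
}

// NewDemoPKToken builds a PK Token from fresh keys: a stand-in OP signs the ID token and the
// user signs the CIC token (carrying upk) over the same constructed payload.
func NewDemoPKToken() (*PKToken, ed25519.PrivateKey, error) {
	_, opPriv, _ := ed25519.GenerateKey(rand.Reader)
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	payload := []byte(`{"iss":"https://op.example","sub":"alice","aud":"demo-client"}`)
	upk := map[string]any{"kty": "OKP", "crv": "Ed25519", "x": b64.EncodeToString(userPub)}
	idToken := signJWS(opPriv, map[string]any{"alg": "EdDSA", "kid": "op-1"}, payload)
	cicToken := signJWS(userPriv, map[string]any{"alg": "EdDSA", "typ": "CIC", "upk": upk}, payload)
	cic, _, err := parseJWS(cicToken)
	return &PKToken{Cic: cic, OpToken: idToken, CicToken: cicToken}, userPriv, err
}

func main() {
	pkt, userPriv, _ := NewDemoPKToken()
	content, err := pkt.VerifySignedMessage(pkt.NewSignedMessage([]byte("deploy v1.2.3"), userPriv))
	fmt.Printf("OSM content=%q err=%v\n", content, err)
}
```

VerifySignedMessage deliberately stops at the OSM: a successful return means the message was signed by the key in this PK Token's CIC header and is bound to this PK Token's hash, nothing more. Whether the OP really signed the ID Token is part of PK Token verification, which the page says must happen first. Pinning alg before looking at the key is the usual guard against a header naming an algorithm the key was never meant for.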
type SignatureType
type SignatureType string
const (
    OIDC SignatureType = "JWT"
    CIC  SignatureType = "CIC"
    COS  SignatureType = "COS"
)