Documentation ¶
Index ¶
- Constants
- Variables
- func Copy(elements map[string]interface{}) (result map[string]interface{})
- func Filter(elements map[string]interface{}, keys ...string) map[string]interface{}
- func ToString(i interface{}) string
- func ToTime(i interface{}) time.Time
- type Claims
- type DefaultSigner
- func (j *DefaultSigner) Decode(ctx context.Context, token string) (*Token, error)
- func (j *DefaultSigner) Generate(ctx context.Context, claims MapClaims, header Mapper) (string, string, error)
- func (j *DefaultSigner) GetSignature(ctx context.Context, token string) (string, error)
- func (j *DefaultSigner) GetSigningMethodLength(ctx context.Context) int
- func (j *DefaultSigner) Hash(ctx context.Context, in []byte) ([]byte, error)
- func (j *DefaultSigner) Validate(ctx context.Context, token string) (string, error)
- type GetPrivateKeyFunc
- type Headers
- type IDTokenClaims
- type JWTClaims
- func (c *JWTClaims) Add(key string, value interface{})
- func (c *JWTClaims) FromMap(m map[string]interface{})
- func (c *JWTClaims) FromMapClaims(mc MapClaims)
- func (c JWTClaims) Get(key string) interface{}
- func (c *JWTClaims) ToMap() map[string]interface{}
- func (c JWTClaims) ToMapClaims() MapClaims
- func (c *JWTClaims) With(expiry time.Time, scope, audience []string) JWTClaimsContainer
- func (c *JWTClaims) WithDefaults(iat time.Time, issuer string) JWTClaimsContainer
- func (c *JWTClaims) WithScopeField(scopeField JWTScopeFieldEnum) JWTClaimsContainer
- type JWTClaimsContainer
- type JWTClaimsDefaults
- type JWTScopeFieldEnum
- type Keyfunc
- type MapClaims
- func (m MapClaims) UnmarshalJSON(b []byte) error
- func (m MapClaims) Valid() error
- func (m MapClaims) VerifyAudience(cmp string, req bool) bool
- func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool
- func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool
- func (m MapClaims) VerifyIssuer(cmp string, req bool) bool
- func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool
- type Mapper
- type Signer
- type Token
- type ValidationError
Constants ¶
const ( SigningMethodNone = jose.SignatureAlgorithm("none") // This key should be use to correctly sign and verify alg:none JWT tokens UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed" JWTHeaderType = jose.HeaderKey("typ") JWTHeaderTypeValue = "JWT" )
const ( ValidationErrorMalformed uint32 = 1 << iota // Token is malformed ValidationErrorUnverifiable // Token could not be verified because of signing problems ValidationErrorSignatureInvalid // Signature validation failed // Standard Claim validation errors ValidationErrorAudience // AUD validation failed ValidationErrorExpired // EXP validation failed ValidationErrorIssuedAt // IAT validation failed ValidationErrorIssuer // ISS validation failed ValidationErrorNotValidYet // NBF validation failed ValidationErrorId // JTI validation failed ValidationErrorClaimsInvalid // Generic claims validation error )
Validation provides a backwards compatible error definition from `jwt-go` to `go-jose`. The sourcecode was taken from https://github.com/dgrijalva/jwt-go/blob/master/errors.go
> The errors that might occur when parsing and validating a token
Variables ¶
var SHA256HashSize = crypto.SHA256.Size()
var TimeFunc = time.Now
Functions ¶
Types ¶
type Claims ¶ added in v0.40.0
type Claims interface {
Valid() error
}
Claims is a port from https://github.com/dgrijalva/jwt-go/blob/master/claims.go including its validation methods, which are not available in go-jose library
> For a type to be a Claims object, it must just have a Valid method that determines if the token is invalid for any supported reason
type DefaultSigner ¶ added in v0.43.0
type DefaultSigner struct {
GetPrivateKey GetPrivateKeyFunc
}
DefaultSigner is responsible for generating and validating JWT challenges
func (*DefaultSigner) Generate ¶ added in v0.43.0
func (j *DefaultSigner) Generate(ctx context.Context, claims MapClaims, header Mapper) (string, string, error)
Generate generates a new authorize code or returns an error. set secret
func (*DefaultSigner) GetSignature ¶ added in v0.43.0
GetSignature will return the signature of a token
func (*DefaultSigner) GetSigningMethodLength ¶ added in v0.43.0
func (j *DefaultSigner) GetSigningMethodLength(ctx context.Context) int
GetSigningMethodLength will return the length of the signing method
type GetPrivateKeyFunc ¶ added in v0.43.0
type Headers ¶
type Headers struct {
Extra map[string]interface{} `json:"extra"`
}
Headers is the jwt headers
func NewHeaders ¶ added in v0.19.0
func NewHeaders() *Headers
func (Headers) ToMapClaims ¶ added in v0.3.0
ToMapClaims will return a jwt-go MapClaims representation
type IDTokenClaims ¶
type IDTokenClaims struct { JTI string `json:"jti"` Issuer string `json:"iss"` Subject string `json:"sub"` Audience []string `json:"aud"` Nonce string `json:"nonce"` ExpiresAt time.Time `json:"exp"` IssuedAt time.Time `json:"iat"` RequestedAt time.Time `json:"rat"` AuthTime time.Time `json:"auth_time"` AccessTokenHash string `json:"at_hash"` AuthenticationContextClassReference string `json:"acr"` AuthenticationMethodsReferences []string `json:"amr"` CodeHash string `json:"c_hash"` Extra map[string]interface{} `json:"ext"` }
IDTokenClaims represent the claims used in open id connect requests
func (*IDTokenClaims) Add ¶
func (c *IDTokenClaims) Add(key string, value interface{})
Add will add a key-value pair to the extra field
func (*IDTokenClaims) Get ¶
func (c *IDTokenClaims) Get(key string) interface{}
Get will get a value from the extra field based on a given key
func (*IDTokenClaims) ToMap ¶
func (c *IDTokenClaims) ToMap() map[string]interface{}
ToMap will transform the headers to a map structure
func (IDTokenClaims) ToMapClaims ¶ added in v0.3.0
func (c IDTokenClaims) ToMapClaims() MapClaims
ToMapClaims will return a jwt-go MapClaims representation
type JWTClaims ¶
type JWTClaims struct { Subject string Issuer string Audience []string JTI string IssuedAt time.Time NotBefore time.Time ExpiresAt time.Time Scope []string Extra map[string]interface{} ScopeField JWTScopeFieldEnum }
JWTClaims represent a token's claims.
func (*JWTClaims) FromMapClaims ¶ added in v0.6.17
FromMapClaims will populate claims from a jwt-go MapClaims representation
func (JWTClaims) ToMapClaims ¶ added in v0.3.0
ToMapClaims will return a jwt-go MapClaims representation
func (*JWTClaims) With ¶ added in v0.26.0
func (c *JWTClaims) With(expiry time.Time, scope, audience []string) JWTClaimsContainer
func (*JWTClaims) WithDefaults ¶ added in v0.26.0
func (c *JWTClaims) WithDefaults(iat time.Time, issuer string) JWTClaimsContainer
func (*JWTClaims) WithScopeField ¶ added in v0.35.1
func (c *JWTClaims) WithScopeField(scopeField JWTScopeFieldEnum) JWTClaimsContainer
type JWTClaimsContainer ¶ added in v0.26.0
type JWTClaimsContainer interface { // With returns a copy of itself with expiresAt, scope, audience set to the given values. With(expiry time.Time, scope, audience []string) JWTClaimsContainer // WithDefaults returns a copy of itself with issuedAt and issuer set to the given default values. If those // values are already set in the claims, they will not be updated. WithDefaults(iat time.Time, issuer string) JWTClaimsContainer // WithScopeField configures how a scope field should be represented in JWT. WithScopeField(scopeField JWTScopeFieldEnum) JWTClaimsContainer // ToMapClaims returns the claims as a github.com/dgrijalva/jwt-go.MapClaims type. ToMapClaims() MapClaims }
type JWTClaimsDefaults ¶ added in v0.26.0
type JWTScopeFieldEnum ¶ added in v0.35.1
type JWTScopeFieldEnum int
Enum for different types of scope encoding.
const ( JWTScopeFieldUnset JWTScopeFieldEnum = iota JWTScopeFieldList JWTScopeFieldString JWTScopeFieldBoth )
type Keyfunc ¶ added in v0.40.0
Parse methods use this callback function to supply the key for verification. The function receives the parsed, but unverified Token. This allows you to use properties in the Header of the token (such as `kid`) to identify which key to use.
type MapClaims ¶ added in v0.40.0
type MapClaims map[string]interface{}
MapClaims provides backwards compatible validations not available in `go-jose`. It was taken from [here](https://raw.githubusercontent.com/form3tech-oss/jwt-go/master/map_claims.go).
Claims type that uses the map[string]interface{} for JSON decoding This is the default claims type if you don't supply one
func (MapClaims) UnmarshalJSON ¶ added in v0.40.2
func (MapClaims) Valid ¶ added in v0.40.0
Validates time based claims "exp, iat, nbf". There is no accounting for clock skew. As well, if any of the above claims are not in the token, it will still be considered a valid claim.
func (MapClaims) VerifyAudience ¶ added in v0.40.0
Compares the aud claim against cmp. If required is false, this method will return true if the value matches or is unset
func (MapClaims) VerifyExpiresAt ¶ added in v0.40.0
Compares the exp claim against cmp. If required is false, this method will return true if the value matches or is unset
func (MapClaims) VerifyIssuedAt ¶ added in v0.40.0
Compares the iat claim against cmp. If required is false, this method will return true if the value matches or is unset
func (MapClaims) VerifyIssuer ¶ added in v0.40.0
Compares the iss claim against cmp. If required is false, this method will return true if the value matches or is unset
type Mapper ¶
type Mapper interface { ToMap() map[string]interface{} Add(key string, value interface{}) Get(key string) interface{} }
Mapper is the interface used internally to map key-value pairs
type Signer ¶ added in v0.43.0
type Signer interface { Generate(ctx context.Context, claims MapClaims, header Mapper) (string, string, error) Validate(ctx context.Context, token string) (string, error) Hash(ctx context.Context, in []byte) ([]byte, error) Decode(ctx context.Context, token string) (*Token, error) GetSignature(ctx context.Context, token string) (string, error) GetSigningMethodLength(ctx context.Context) int }
type Token ¶ added in v0.40.0
type Token struct { Header map[string]interface{} // The first segment of the token Claims MapClaims // The second segment of the token Method jose.SignatureAlgorithm // contains filtered or unexported fields }
Token represets a JWT Token This token provide an adaptation to transit from [jwt-go](https://github.com/dgrijalva/jwt-go) to [go-jose](https://github.com/square/go-jose) It provides method signatures compatible with jwt-go but implemented using go-json
func NewWithClaims ¶ added in v0.40.0
NewWithClaims creates an unverified Token with the given claims and signing method
func ParseWithClaims ¶ added in v0.40.0
Parse, validate, and return a token. keyFunc will receive the parsed token and should return the key for validating. If everything is kosher, err will be nil
func (*Token) SignedString ¶ added in v0.40.0
SignedString provides a compatible `jwt-go` Token.SignedString method
> Get the complete, signed token
type ValidationError ¶ added in v0.40.0
type ValidationError struct { Inner error // stores the error returned by external dependencies, i.e.: KeyFunc Errors uint32 // bitfield. see ValidationError... constants // contains filtered or unexported fields }
The error from Parse if token is not valid
func (ValidationError) Error ¶ added in v0.40.0
func (e ValidationError) Error() string
Validation error is an error type
func (*ValidationError) Has ¶ added in v0.41.0
func (e *ValidationError) Has(verr uint32) bool