Documentation ¶
Index ¶
- Constants
- Variables
- func Authenticate(v JWSValidator, ctx context.Context, input *openapi3filter.AuthenticationInput) error
- func CheckTokenClaims(expectedClaims []string, t jwt.Token) error
- func CreateMiddleware(v JWSValidator) ([]echo.MiddlewareFunc, error)
- func GetClaimsFromToken(t jwt.Token) ([]string, error)
- func GetJWSFromRequest(req *http.Request) (string, error)
- func NewAuthenticator(v JWSValidator) openapi3filter.AuthenticationFunc
- func NewServer() *server
- type FakeAuthenticator
- type JWSValidator
Constants ¶
const FakeAudience = "example-users"
const FakeIssuer = "fake-issuer"
const KeyID = `fake-key-id`
const PermissionsClaim = "perm"
const PrivateKey = `` /* 226-byte string literal not displayed */
PrivateKey is an ECDSA private key which was generated with the following command:
openssl ecparam -name prime256v1 -genkey -noout -out ecprivatekey.pem
We are using a hard coded key here in this example, but in real applications, you would never do this. Your JWT signing key must never be in your application, only the public key.
Variables ¶
var ErrClaimsInvalid = errors.New("Provided claims do not match expected scopes")
var ErrInvalidAuthHeader = errors.New("Authorization header is malformed")
var ErrNoAuthHeader = errors.New("Authorization header is missing")
Functions ¶
func Authenticate ¶
func Authenticate(v JWSValidator, ctx context.Context, input *openapi3filter.AuthenticationInput) error
Authenticate uses the specified validator to ensure a JWT is valid, then makes sure that the claims provided by the JWT match the scopes as required in the API.
func CreateMiddleware ¶
func CreateMiddleware(v JWSValidator) ([]echo.MiddlewareFunc, error)
func GetClaimsFromToken ¶
GetClaimsFromToken returns a list of claims from the token. We store these as a list under the "perms" claim, short for permissions, to keep the token shorter.
func GetJWSFromRequest ¶
GetJWSFromRequest extracts a JWS string from an Authorization: Bearer <jws> header
func NewAuthenticator ¶
func NewAuthenticator(v JWSValidator) openapi3filter.AuthenticationFunc
Types ¶
type FakeAuthenticator ¶
type FakeAuthenticator struct { PrivateKey *ecdsa.PrivateKey KeySet jwk.Set }
func NewFakeAuthenticator ¶
func NewFakeAuthenticator() (*FakeAuthenticator, error)
NewFakeAuthenticator creates an authenticator example which uses a hard coded ECDSA key to validate JWT's that it has signed itself.
func (*FakeAuthenticator) CreateJWSWithClaims ¶
func (f *FakeAuthenticator) CreateJWSWithClaims(claims []string) ([]byte, error)
CreateJWSWithClaims is a helper function to create JWT's with the specified claims.
func (*FakeAuthenticator) SignToken ¶
func (f *FakeAuthenticator) SignToken(t jwt.Token) ([]byte, error)
SignToken takes a JWT and signs it with our priviate key, returning a JWS.
func (*FakeAuthenticator) ValidateJWS ¶
func (f *FakeAuthenticator) ValidateJWS(jwsString string) (jwt.Token, error)
ValidateJWS ensures that the critical JWT claims needed to ensure that we trust the JWT are present and with the correct values.