jwt

package
v2.24.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 22, 2024 License: Apache-2.0 Imports: 24 Imported by: 1

Documentation

Index

Constants

View Source
const (
	ClaimExpirationTime = "exp"
	ClaimNotBefore      = "nbf"
	ClaimIssuedAt       = "iat"
	ClaimAudience       = "aud"
	ClaimIssuer         = "iss"
	ClaimSubject        = "sub"
	ClaimScope          = "scope"
	ClaimID             = "jti"
	ClaimEmail          = "email"
	ClaimClientID       = "client_id"
	ClaimName           = "name"
)
View Source
const PlgdRequiredScope = "plgd:required:scope"

Variables

View Source
var (
	ErrMissingClaims = errors.New("missing claims")
	ErrMissingIssuer = errors.New("missing issuer")
	ErrMissingID     = errors.New("missing jti")
)
View Source
var (
	ErrMissingToken      = errors.New("missing token")
	ErrCannotParseToken  = errors.New("could not parse token")
	ErrCannotVerifyTrust = errors.New("could not verify token trust")
	ErrBlackListedToken  = errors.New("token is blacklisted")
)
View Source
var ErrMissingRequiredScopes = errors.New("required scopes not found")
View Source
var ErrOwnerClaimInvalid = errors.New("owner claim is invalid")

Functions

func CreateJwkKey added in v2.21.0

func CreateJwkKey(privateKey interface{}) (jwk.Key, error)

Types

type Claims

type Claims jwt.MapClaims

func ParseToken

func ParseToken(token string) (Claims, error)

func (Claims) GetAudience added in v2.16.3

func (c Claims) GetAudience() (jwt.ClaimStrings, error)

GetAudience returns the Audience ("aud") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetClientID added in v2.16.3

func (c Claims) GetClientID() (string, error)

GetClientID returns the ClientID ("client_id") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetDeviceID added in v2.16.3

func (c Claims) GetDeviceID(deviceIDClaim string) (string, error)

GetDeviceID returns the DeviceID ("device_id") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetEmail added in v2.16.3

func (c Claims) GetEmail() (string, error)

GetEmail returns the Email ("email") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetExpirationTime added in v2.16.3

func (c Claims) GetExpirationTime() (*jwt.NumericDate, error)

GetExpirationTime returns the Expiration Time ("exp") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetID added in v2.16.3

func (c Claims) GetID() (string, error)

GetID returns the ID ("jti") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetIssuedAt added in v2.16.3

func (c Claims) GetIssuedAt() (*jwt.NumericDate, error)

GetIssuedAt returns the Issued At ("iat") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetIssuer added in v2.16.3

func (c Claims) GetIssuer() (string, error)

GetIssuer returns the Issuer ("iss") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetName added in v2.16.3

func (c Claims) GetName() (string, error)

GetName returns the Name ("n") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetNotBefore added in v2.16.3

func (c Claims) GetNotBefore() (*jwt.NumericDate, error)

GetNotBefore returns the Not Before ("nbf") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetOwner added in v2.16.3

func (c Claims) GetOwner(ownerClaim string) (string, error)

GetOwner returns the Owner ("owner") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetScope added in v2.16.3

func (c Claims) GetScope() (jwt.ClaimStrings, error)

GetScope returns the Scope ("scope") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetSubject added in v2.16.3

func (c Claims) GetSubject() (string, error)

GetSubject returns the Subject ("sub") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) ValidateOwnerClaim

func (c Claims) ValidateOwnerClaim(ownerClaim string, userID string) error

ValidateOwnerClaim validates that ownerClaim is set and that it matches given user ID

type HTTPClient added in v2.23.0

type HTTPClient struct {
	*http.Client
	// contains filtered or unexported fields
}

func NewHTTPClient added in v2.23.0

func NewHTTPClient(client *http.Client, tokenEndpoint string) *HTTPClient

func (*HTTPClient) VerifyTokenByRequest added in v2.23.0

func (c *HTTPClient) VerifyTokenByRequest(ctx context.Context, token, tokenID string) (*pb.Token, error)

type KeyCache

type KeyCache struct {
	// contains filtered or unexported fields
}

func NewKeyCache

func NewKeyCache(url string, client *http.Client) *KeyCache

func (*KeyCache) FetchKeys

func (c *KeyCache) FetchKeys() error

func (*KeyCache) FetchKeysWithContext

func (c *KeyCache) FetchKeysWithContext(ctx context.Context) error

func (*KeyCache) GetKey

func (c *KeyCache) GetKey(token *jwt.Token) (interface{}, error)

func (*KeyCache) GetOrFetchKey

func (c *KeyCache) GetOrFetchKey(token *jwt.Token) (interface{}, error)

func (*KeyCache) GetOrFetchKeyWithContext

func (c *KeyCache) GetOrFetchKeyWithContext(ctx context.Context, token *jwt.Token) (interface{}, error)

func (*KeyCache) LookupKey

func (c *KeyCache) LookupKey(token *jwt.Token) (jwk.Key, error)

type KeyCacheI added in v2.21.0

type KeyCacheI interface {
	GetOrFetchKey(token *jwt.Token) (interface{}, error)
	GetOrFetchKeyWithContext(ctx context.Context, token *jwt.Token) (interface{}, error)
}

type MultiKeyCache added in v2.21.0

type MultiKeyCache struct {
	// contains filtered or unexported fields
}

func NewMultiKeyCache added in v2.21.0

func NewMultiKeyCache() *MultiKeyCache

func (*MultiKeyCache) Add added in v2.21.0

func (c *MultiKeyCache) Add(authority, url string, client *http.Client)

func (*MultiKeyCache) GetOrFetchKey added in v2.21.0

func (c *MultiKeyCache) GetOrFetchKey(token *jwt.Token) (interface{}, error)

func (*MultiKeyCache) GetOrFetchKeyWithContext added in v2.21.0

func (c *MultiKeyCache) GetOrFetchKeyWithContext(ctx context.Context, token *jwt.Token) (interface{}, error)

type Option added in v2.23.0

type Option interface {
	// contains filtered or unexported methods
}

func WithTrustVerification added in v2.23.0

func WithTrustVerification(clients map[string]TokenIssuerClient, cacheExpiration time.Duration, stop <-chan struct{}) Option

type ScopeClaims

type ScopeClaims Claims

func NewRegexpScopeClaims

func NewRegexpScopeClaims(scope ...*regexp.Regexp) *ScopeClaims

func NewScopeClaims

func NewScopeClaims(scope ...string) *ScopeClaims

func (*ScopeClaims) GetAudience added in v2.16.3

func (c *ScopeClaims) GetAudience() (jwt.ClaimStrings, error)

func (*ScopeClaims) GetExpirationTime added in v2.16.3

func (c *ScopeClaims) GetExpirationTime() (*jwt.NumericDate, error)

func (*ScopeClaims) GetID added in v2.23.0

func (c *ScopeClaims) GetID() (string, error)

func (*ScopeClaims) GetIssuedAt added in v2.16.3

func (c *ScopeClaims) GetIssuedAt() (*jwt.NumericDate, error)

func (*ScopeClaims) GetIssuer added in v2.16.3

func (c *ScopeClaims) GetIssuer() (string, error)

func (*ScopeClaims) GetNotBefore added in v2.16.3

func (c *ScopeClaims) GetNotBefore() (*jwt.NumericDate, error)

func (*ScopeClaims) GetSubject added in v2.16.3

func (c *ScopeClaims) GetSubject() (string, error)

func (*ScopeClaims) Validate added in v2.16.3

func (c *ScopeClaims) Validate() error

type TokenCache added in v2.23.0

type TokenCache struct {
	// contains filtered or unexported fields
}

func NewTokenCache added in v2.23.0

func NewTokenCache(clients map[string]TokenIssuerClient, expiration time.Duration, logger log.Logger) *TokenCache

func (*TokenCache) CheckExpirations added in v2.23.0

func (t *TokenCache) CheckExpirations(now time.Time)

func (*TokenCache) VerifyTrust added in v2.23.0

func (t *TokenCache) VerifyTrust(ctx context.Context, issuer, token string, tokenClaims jwt.Claims) error

type TokenIssuerClient added in v2.23.0

type TokenIssuerClient interface {
	VerifyTokenByRequest(ctx context.Context, token, tokenID string) (*pb.Token, error)
}

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

func NewValidator

func NewValidator(keyCache KeyCacheI, logger log.Logger, opts ...Option) *Validator

func (*Validator) Parse

func (v *Validator) Parse(token string) (jwt.MapClaims, error)

func (*Validator) ParseWithClaims

func (v *Validator) ParseWithClaims(ctx context.Context, token string, claims jwt.Claims) error

func (*Validator) ParseWithContext

func (v *Validator) ParseWithContext(ctx context.Context, token string) (jwt.MapClaims, error)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL