jwt

package
v2.24.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 22, 2024 License: Apache-2.0 Imports: 24 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	ClaimExpirationTime = "exp"
	ClaimNotBefore      = "nbf"
	ClaimIssuedAt       = "iat"
	ClaimAudience       = "aud"
	ClaimIssuer         = "iss"
	ClaimSubject        = "sub"
	ClaimScope          = "scope"
	ClaimID             = "jti"
	ClaimEmail          = "email"
	ClaimClientID       = "client_id"
	ClaimName           = "name"
)
View Source 
const PlgdRequiredScope = "plgd:required:scope"

Variables

View Source 
var (
	ErrMissingClaims = errors.New("missing claims")
	ErrMissingIssuer = errors.New("missing issuer")
	ErrMissingID     = errors.New("missing jti")
)
View Source 
var (
	ErrMissingToken      = errors.New("missing token")
	ErrCannotParseToken  = errors.New("could not parse token")
	ErrCannotVerifyTrust = errors.New("could not verify token trust")
	ErrBlackListedToken  = errors.New("token is blacklisted")
)
View Source 
var ErrMissingRequiredScopes = errors.New("required scopes not found")
View Source 
var ErrOwnerClaimInvalid = errors.New("owner claim is invalid")

Functions

func CreateJwkKey added in v2.21.0 

func CreateJwkKey(privateKey interface{}) (jwk.Key, error)

Types

type Claims 

type Claims jwt.MapClaims

func ParseToken 

func ParseToken(token string) (Claims, error)

func (Claims) GetAudience added in v2.16.3 

func (c Claims) GetAudience() (jwt.ClaimStrings, error)

GetAudience returns the Audience ("aud") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetClientID added in v2.16.3 

func (c Claims) GetClientID() (string, error)

GetClientID returns the ClientID ("client_id") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetDeviceID added in v2.16.3 

func (c Claims) GetDeviceID(deviceIDClaim string) (string, error)

GetDeviceID returns the DeviceID ("device_id") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetEmail added in v2.16.3 

func (c Claims) GetEmail() (string, error)

GetEmail returns the Email ("email") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetExpirationTime added in v2.16.3 

func (c Claims) GetExpirationTime() (*jwt.NumericDate, error)

GetExpirationTime returns the Expiration Time ("exp") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetID added in v2.16.3 

func (c Claims) GetID() (string, error)

GetID returns the ID ("jti") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetIssuedAt added in v2.16.3 

func (c Claims) GetIssuedAt() (*jwt.NumericDate, error)

GetIssuedAt returns the Issued At ("iat") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetIssuer added in v2.16.3 

func (c Claims) GetIssuer() (string, error)

GetIssuer returns the Issuer ("iss") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetName added in v2.16.3 

func (c Claims) GetName() (string, error)

GetName returns the Name ("n") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetNotBefore added in v2.16.3 

func (c Claims) GetNotBefore() (*jwt.NumericDate, error)

GetNotBefore returns the Not Before ("nbf") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetOwner added in v2.16.3 

func (c Claims) GetOwner(ownerClaim string) (string, error)

GetOwner returns the Owner ("owner") claim. If the claim does not exist, an empty string is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetScope added in v2.16.3 

func (c Claims) GetScope() (jwt.ClaimStrings, error)

GetScope returns the Scope ("scope") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) GetSubject added in v2.16.3 

func (c Claims) GetSubject() (string, error)

GetSubject returns the Subject ("sub") claim. If the claim does not exist, nil is returned. If the claim has the wrong type, an error is returned.

func (Claims) ValidateOwnerClaim 

func (c Claims) ValidateOwnerClaim(ownerClaim string, userID string) error

ValidateOwnerClaim validates that ownerClaim is set and that it matches given user ID

type HTTPClient added in v2.23.0 

type HTTPClient struct {
	*http.Client
	// contains filtered or unexported fields
}

func NewHTTPClient added in v2.23.0 

func NewHTTPClient(client *http.Client, tokenEndpoint string) *HTTPClient

func (*HTTPClient) VerifyTokenByRequest added in v2.23.0 

func (c *HTTPClient) VerifyTokenByRequest(ctx context.Context, token, tokenID string) (*pb.Token, error)

type KeyCache 

type KeyCache struct {
	// contains filtered or unexported fields
}

func NewKeyCache 

func NewKeyCache(url string, client *http.Client) *KeyCache

func (*KeyCache) FetchKeys 

func (c *KeyCache) FetchKeys() error

func (*KeyCache) FetchKeysWithContext 

func (c *KeyCache) FetchKeysWithContext(ctx context.Context) error

func (*KeyCache) GetKey 

func (c *KeyCache) GetKey(token *jwt.Token) (interface{}, error)

func (*KeyCache) GetOrFetchKey 

func (c *KeyCache) GetOrFetchKey(token *jwt.Token) (interface{}, error)

func (*KeyCache) GetOrFetchKeyWithContext 

func (c *KeyCache) GetOrFetchKeyWithContext(ctx context.Context, token *jwt.Token) (interface{}, error)

func (*KeyCache) LookupKey 

func (c *KeyCache) LookupKey(token *jwt.Token) (jwk.Key, error)

type KeyCacheI added in v2.21.0 

type KeyCacheI interface {
	GetOrFetchKey(token *jwt.Token) (interface{}, error)
	GetOrFetchKeyWithContext(ctx context.Context, token *jwt.Token) (interface{}, error)
}

type MultiKeyCache added in v2.21.0 

type MultiKeyCache struct {
	// contains filtered or unexported fields
}

func NewMultiKeyCache added in v2.21.0 

func NewMultiKeyCache() *MultiKeyCache

func (*MultiKeyCache) Add added in v2.21.0 

func (c *MultiKeyCache) Add(authority, url string, client *http.Client)

func (*MultiKeyCache) GetOrFetchKey added in v2.21.0 

func (c *MultiKeyCache) GetOrFetchKey(token *jwt.Token) (interface{}, error)

func (*MultiKeyCache) GetOrFetchKeyWithContext added in v2.21.0 

func (c *MultiKeyCache) GetOrFetchKeyWithContext(ctx context.Context, token *jwt.Token) (interface{}, error)

type Option added in v2.23.0 

type Option interface {
	// contains filtered or unexported methods
}

func WithTrustVerification added in v2.23.0 

func WithTrustVerification(clients map[string]TokenIssuerClient, cacheExpiration time.Duration, stop <-chan struct{}) Option

type ScopeClaims 

type ScopeClaims Claims

func NewRegexpScopeClaims 

func NewRegexpScopeClaims(scope ...*regexp.Regexp) *ScopeClaims

func NewScopeClaims 

func NewScopeClaims(scope ...string) *ScopeClaims

func (*ScopeClaims) GetAudience added in v2.16.3 

func (c *ScopeClaims) GetAudience() (jwt.ClaimStrings, error)

func (*ScopeClaims) GetExpirationTime added in v2.16.3 

func (c *ScopeClaims) GetExpirationTime() (*jwt.NumericDate, error)

func (*ScopeClaims) GetID added in v2.23.0 

func (c *ScopeClaims) GetID() (string, error)

func (*ScopeClaims) GetIssuedAt added in v2.16.3 

func (c *ScopeClaims) GetIssuedAt() (*jwt.NumericDate, error)

func (*ScopeClaims) GetIssuer added in v2.16.3 

func (c *ScopeClaims) GetIssuer() (string, error)

func (*ScopeClaims) GetNotBefore added in v2.16.3 

func (c *ScopeClaims) GetNotBefore() (*jwt.NumericDate, error)

func (*ScopeClaims) GetSubject added in v2.16.3 

func (c *ScopeClaims) GetSubject() (string, error)

func (*ScopeClaims) Validate added in v2.16.3 

func (c *ScopeClaims) Validate() error

type TokenCache added in v2.23.0 

type TokenCache struct {
	// contains filtered or unexported fields
}

func NewTokenCache added in v2.23.0 

func NewTokenCache(clients map[string]TokenIssuerClient, expiration time.Duration, logger log.Logger) *TokenCache

func (*TokenCache) CheckExpirations added in v2.23.0 

func (t *TokenCache) CheckExpirations(now time.Time)

func (*TokenCache) VerifyTrust added in v2.23.0 

func (t *TokenCache) VerifyTrust(ctx context.Context, issuer, token string, tokenClaims jwt.Claims) error

type TokenIssuerClient added in v2.23.0 

type TokenIssuerClient interface {
	VerifyTokenByRequest(ctx context.Context, token, tokenID string) (*pb.Token, error)
}

type Validator 

type Validator struct {
	// contains filtered or unexported fields
}

func NewValidator 

func NewValidator(keyCache KeyCacheI, logger log.Logger, opts ...Option) *Validator

func (*Validator) Parse 

func (v *Validator) Parse(token string) (jwt.MapClaims, error)

func (*Validator) ParseWithClaims 

func (v *Validator) ParseWithClaims(ctx context.Context, token string, claims jwt.Claims) error

func (*Validator) ParseWithContext 

func (v *Validator) ParseWithContext(ctx context.Context, token string) (jwt.MapClaims, error)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.