Documentation ¶
Index ¶
- Constants
- func GenerateKeyID(priv interface{}) (string, error)
- type Claims
- type Options
- func WithAudience(s string) Options
- func WithClaim(name string, value interface{}) Options
- func WithIssuer(s string) Options
- func WithJWTID(s string) Options
- func WithKid(s string) Options
- func WithRootCA(path string) Options
- func WithSANS(sans []string) Options
- func WithSubject(s string) Options
- func WithValidity(notBefore, expiration time.Time) Options
- type Token
Constants ¶
const ( // DefaultIssuer when generating tokens. DefaultIssuer = "step-cli" // DefaultAudience when generating tokens. DefaultAudience = "https://ca/sign" // MinValidity token validity token duration. MinValidity = 10 * time.Second // MaxValidity token validity token duration. MaxValidity = 1 * time.Hour // DefaultValidity token validity duration. DefaultValidity = 5 * time.Minute // MaxValidityDelay allowable delay between Now and beginning of token validity period. MaxValidityDelay = 30 * time.Minute )
const RootSHAClaim = "sha"
RootSHAClaim is the property name for a JWT claim that stores the SHA256 of a root certificate.
const SANSClaim = "sans"
SANSClaim is the property name for a JWT claim that stores the list of required subject alternative names.
Variables ¶
This section is empty.
Functions ¶
func GenerateKeyID ¶
GenerateKeyID returns the SHA256 of a public key.
Types ¶
type Claims ¶
type Claims struct { jose.Claims ExtraClaims map[string]interface{} ExtraHeaders map[string]interface{} }
Claims represents the claims that a token might have.
func DefaultClaims ¶
func DefaultClaims() *Claims
DefaultClaims returns the default claims of any token.
type Options ¶
Options is a function that set claims.
func WithAudience ¶
WithAudience returns a Options that sets the audience to use in the token claims. If Audience is not used the default audience will be used.
func WithIssuer ¶
WithIssuer returns an Options function that sets the issuer to use in the token claims. If Issuer is not used the default issuer will be used.
func WithJWTID ¶
WithJWTID returns a Options that sets the jwtID to use in the token claims. If WithJWTID is not used a random identifier will be used.
func WithKid ¶
WithKid returns a Options that sets the header kid claims. If WithKid is not used a thumbprint using SHA256 will be used.
func WithRootCA ¶
WithRootCA returns an Options function that calculates the SHA256 of the given root certificate to be used in the token claims. If this method it's not used the default root certificate in the $STEPPATH secrets directory will be used.
func WithSANS ¶ added in v0.8.4
WithSANS returns an Options function that sets the list of required SANs in the token claims.
func WithSubject ¶
WithSubject returns an Options that sets the subject to use in the token claims.
func WithValidity ¶
WithValidity validates boundary inputs and sets the 'nbf' (NotBefore) and 'exp' (expiration) options.