jwtsvid

package
v2.4.0
Warning

This package is not in the latest version of its module.

Published: Oct 5, 2024 | License: Apache-2.0 | Imports: 7 | Imported by: 27

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Params

type Params struct {
	Audience       string
	ExtraAudiences []string
	Subject        spiffeid.ID
}

Params are JWT-SVID parameters used when fetching a new JWT-SVID.

type SVID

type SVID struct {
	// ID is the SPIFFE ID of the JWT-SVID as present in the 'sub' claim
	ID spiffeid.ID
	// Audience is the intended recipients of JWT-SVID as present in the 'aud' claim
	Audience []string
	// Expiry is the expiration time of JWT-SVID as present in 'exp' claim
	Expiry time.Time
	// Claims is the parsed claims from token
	Claims map[string]interface{}
	// Hint is an operator-specified string used to provide guidance on how this
	// identity should be used by a workload when more than one SVID is returned.
	Hint string
	// contains filtered or unexported fields
}

SVID represents a JWT-SVID.

func ParseAndValidate

func ParseAndValidate(token string, bundles jwtbundle.Source, audience []string) (*SVID, error)

ParseAndValidate parses and validates a JWT-SVID token and returns the JWT-SVID. The JWT-SVID signature is verified using the JWT bundle source.

Example
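package main

import (
	"context"
	"log"

	"github.com/spiffe/go-spiffe/v2/spiffeid"
	"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
	"github.com/spiffe/go-spiffe/v2/workloadapi"
)

func main() {
	td, err := spiffeid.TrustDomainFromString("example.org")
	if err != nil {
		log.Fatalf("invalid trust domain: %v", err)
	}

	// Placeholder: the JWT-SVID received from the peer.
	token := "TODO"
	// The audience this workload expects to find in the token's 'aud' claim.
	audience := []string{spiffeid.RequireFromPath(td, "/server").String()}

	// The JWT source supplies the JWT bundles used to verify the signature.
	jwtSource, err := workloadapi.NewJWTSource(context.TODO())
	if err != nil {
		log.Fatalf("unable to create JWT source: %v", err)
	}
	defer jwtSource.Close()

	// Reject the token on any error; svid is only usable when err is nil.
	svid, err := jwtsvid.ParseAndValidate(token, jwtSource, audience)
	if err != nil {
		log.Printf("JWT-SVID rejected: %v", err)
		return
	}

	// TODO: do something with the JWT-SVID
	log.Printf("validated JWT-SVID for %s", svid.ID)
}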

func ParseInsecure

func ParseInsecure(token string, audience []string) (*SVID, error)

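ParseInsecure parses and validates a JWT-SVID token and returns the JWT-SVID. The JWT-SVID signature is not verified, so the returned SVID and its claims are unauthenticated and must not be relied on for authentication or authorization decisions.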
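The gap between ParseInsecure and ParseAndValidate, modelled with the standard library only. This is an added example, not go-spiffe code, and it does not call the library: `payload` with a nil key stands in for a parse that skips signature verification. The names `sign`, `payload`, `demo` and `key`, the RS256 choice and the example.org IDs are assumptions, and the audience and expiry checks are left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var key, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key, generated for this example

// sign builds an RS256 token over constructed sample claims (illustration, not go-spiffe code).
func sign(claims string) string {
	in := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claims))
	h := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return in + "." + b64.EncodeToString(sig)
}

// payload returns the claims JSON; the signature is checked only when pub != nil (nil models ParseInsecure).
func payload(tok string, pub *rsa.PublicKey) (string, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	sig, _ := b64.DecodeString(p[2])
	h := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if pub != nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return "", fmt.Errorf("signature verification failed")
	}
	body, err := b64.DecodeString(p[1])
	return string(body), err
}

// demo keeps a genuine token's header and signature but swaps in altered claims, then parses both ways.
func demo() (unverified string, verifyErr error) {
	p := strings.Split(sign(`{"sub":"spiffe://example.org/client"}`), ".")
	altered := p[0] + "." + b64.EncodeToString([]byte(`{"sub":"spiffe://example.org/admin"}`)) + "." + p[2]
	unverified, _ = payload(altered, nil)
	_, verifyErr = payload(altered, &key.PublicKey)
	return
}

func main() {
	fmt.Println(demo())
}
```

The unverified parse returns the altered claims without complaint, while the verified parse rejects the same token.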

func (*SVID) Marshal

func (svid *SVID) Marshal() string

Marshal returns the JWT-SVID marshaled to a string. The returned value is the same token value originally passed to ParseAndValidate.

type Source

type Source interface {
	// FetchJWTSVID fetches a JWT-SVID from the source with the given
	// parameters.
	FetchJWTSVID(ctx context.Context, params Params) (*SVID, error)
}

Source represents a source of JWT-SVIDs.
