Documentation
¶
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SVID ¶
type SVID struct {
// ID is the SPIFFE ID of the JWT-SVID as present in the 'sub' claim
ID spiffeid.ID
// Audience is the intended recipients of JWT-SVID as present in the 'aud' claim
Audience []string
// Expiry is the expiration time of JWT-SVID as present in 'exp' claim
Expiry time.Time
// Claims is the parsed claims from token
Claims map[string]interface{}
// Hint is an operator-specified string used to provide guidance on how this
// identity should be used by a workload when more than one SVID is returned.
Hint string
// contains filtered or unexported fields
}
SVID represents a JWT-SVID.
func ParseAndValidate ¶
ParseAndValidate parses and validates a JWT-SVID token and returns the JWT-SVID. The JWT-SVID signature is verified using the JWT bundle source.
Example ¶
package main
import (
"context"
"github.com/spiffe/go-spiffe/v2/spiffeid"
"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
"github.com/spiffe/go-spiffe/v2/workloadapi"
)
func main() {
td, err := spiffeid.TrustDomainFromString("example.org")
if err != nil {
// TODO: error handling
}
token := "TODO"
audience := []string{spiffeid.RequireFromPath(td, "/server").String()}
jwtSource, err := workloadapi.NewJWTSource(context.TODO())
if err != nil {
// TODO: error handling
}
defer jwtSource.Close()
svid, err := jwtsvid.ParseAndValidate(token, jwtSource, audience)
if err != nil {
// TODO: error handling
}
// TODO: do something with the JWT-SVID
svid = svid
}
Output:
func ParseInsecure ¶
ParseInsecure parses and validates a JWT-SVID token and returns the JWT-SVID. The JWT-SVID signature is not verified.
Source Files
Click to show internal directories.
Click to hide internal directories.