Documentation
Constants
This section is empty.
Variables
var (
	ErrSignatureNoKey   = errors.New("unable to find a key for this signature: either it was not provided or it was not recovered from the information in the JWT")
	ErrSignatureNetwork = errors.New("request error when fetching discovery document of jwk set")
	ErrUnsupportedAlg   = errors.New("the given signature algorithm is not supported")
)
Functions
func IsValid
IsValid returns true if the given string is a valid JWT. The function does NOT return why the string is not valid. This task is delegated to the parser, and in general parsing should be preferred to validation.
func VerifySignature
func VerifySignature(jws string, keyStore []JwkSignatureKeysModel) (bool, error)
VerifySignature checks whether the signature is valid. The function currently assumes that the token is an OIDC ID token, and only the RS256 signature algorithm is supported. This information is used to fetch the public key that validates the signature.
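The RS256 check described above, written out as an added example; it is not this package's code, and how VerifySignature is implemented is not shown on this page. The names jwk, verifyRS256 and sample are hypothetical, jwk keeps only the "kid", "n" and "e" fields of an RSA JWK, and the token and key are constructed at run time.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

type jwk struct{ Kid, N, E string } // hypothetical subset of JwkSignatureKeysModel
var b64 = base64.RawURLEncoding

// verifyRS256 pins the algorithm, selects the key by kid, then checks the signature.
func verifyRS256(jws string, keys []jwk) (bool, error) {
	p := strings.Split(jws, ".")
	sig, errS := b64.DecodeString(p[len(p)-1])
	var h struct{ Alg, Kid string }
	if raw, err := b64.DecodeString(p[0]); len(p) != 3 || errS != nil || err != nil || json.Unmarshal(raw, &h) != nil {
		return false, fmt.Errorf("malformed JWS")
	}
	if h.Alg != "RS256" { // the token's own header must never select "none" or HMAC
		return false, fmt.Errorf("unsupported alg %q", h.Alg)
	}
	for _, k := range keys {
		n, errN := b64.DecodeString(k.N)
		e, errE := b64.DecodeString(k.E)
		if k.Kid == h.Kid && errN == nil && errE == nil {
			pub := &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
			sum := sha256.Sum256([]byte(p[0] + "." + p[1])) // signing input: header.payload
			return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) == nil, nil
		}
	}
	return false, fmt.Errorf("no usable key for kid %q", h.Kid)
}

// sample returns a constructed token with the given header alg and its public JWK.
func sample(alg string) (string, []jwk) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	in := b64.EncodeToString([]byte(`{"alg":"`+alg+`","kid":"k1"}`)) + "." + b64.EncodeToString([]byte(`{"sub":"demo"}`))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig), []jwk{{"k1", b64.EncodeToString(priv.N.Bytes()), "AQAB"}} // e = 65537
}

func main() { fmt.Println(verifyRS256(sample("RS256"))) }
```

A true result here covers the signature only; claims such as "exp", "iss" and "aud" still have to be validated separately.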
Types
type FileJwtSource
type FileJwtSource struct {
// contains filtered or unexported fields
}
FileJwtSource reads a JWT from a file.
func (*FileJwtSource) GetJwt
func (f *FileJwtSource) GetJwt() (string, error)
type JwkSignatureKeysModel
type JwkSignatureKeysModel struct {
	Kty    string `json:"kty"` // either: EC, RSA, oth
	Use    string `json:"use"` // must be "sign"
	KeyOps string `json:"key_ops"`
	Alg    string `json:"alg"`
	Kid    string `json:"kid"`
	X5u    string `json:"x5u"` // x509 url: where to download a public key certificate or certificate chain
	X5c    string `json:"x5c"` // contains a chain of one or more PKIX certificates
	X5t    string `json:"x5t"` // certificate SHA-1 thumbprint

	// RSA: public
	E string `json:"e"`
	N string `json:"n"`
	// RSA: private ("oth" not supported)
	D  string `json:"d"`
	P  string `json:"p"`
	DP string `json:"dp"`
	DQ string `json:"dq"`
	QI string `json:"qi"`

	// EC: public
	Crv string `json:"crv"` // either: P-256, P-384, P-521
	X   string `json:"x"`
	Y   string `json:"y"`

	// Oth
	OthK string `json:"k"` // base64url encoding of the octet sequence
}
JwkSignatureKeysModel is a polymorphic model whose full interpretation depends on the "use" and "alg" fields. Moreover, the same "use" and "alg" might have multiple interpretations if, say, the key includes both private and public information or just public information.
func PKCStore
func PKCStore(j *Jwt) ([]JwkSignatureKeysModel, error)
type Jwt
Jwt is a wrapper for a JWT. The head and claims in the struct are guaranteed to be valid JSON strings, while the string is encoded in base64url format.
func ParseJwt
ParseJwt decodes a string into the internal Jwt struct. It returns an error if the string cannot represent a JWT.
func (*Jwt) StringWithOpts
type PublicESModel
type PublicRSAModel
type StdinJwtSource
type StdinJwtSource struct {
// contains filtered or unexported fields
}
StdinJwtSource is a wrapper for a JWT that is passed to the program from stdin.
func (*StdinJwtSource) GetJwt
func (s *StdinJwtSource) GetJwt() (string, error)
type UrlJwtSource
type UrlJwtSource struct {
// contains filtered or unexported fields
}
UrlJwtSource finds a JWT from an HTTP GET request
func (*UrlJwtSource) GetJwt
func (u *UrlJwtSource) GetJwt() (string, error)