Documentation ¶
Overview ¶
Package jwt of the Tideland Go REST Server Library provides the generation, verification, and analyzing of JSON Web Tokens.
Index ¶
- Constants
- func AddTokenToRequest(req *http.Request, jwt JWT) *http.Request
- func NewContext(ctx context.Context, token JWT) context.Context
- type Algorithm
- type Cache
- type Claims
- func (c Claims) Audience() ([]string, bool)
- func (c Claims) Contains(key string) bool
- func (c Claims) Delete(key string) interface{}
- func (c Claims) DeleteAudience() []string
- func (c Claims) DeleteExpiration() time.Time
- func (c Claims) DeleteIdentifier() string
- func (c Claims) DeleteIssuedAt() time.Time
- func (c Claims) DeleteIssuer() string
- func (c Claims) DeleteNotBefore() time.Time
- func (c Claims) DeleteSubject() string
- func (c Claims) Expiration() (time.Time, bool)
- func (c Claims) Get(key string) (interface{}, bool)
- func (c Claims) GetBool(key string) (bool, bool)
- func (c Claims) GetFloat64(key string) (float64, bool)
- func (c Claims) GetInt(key string) (int, bool)
- func (c Claims) GetMarshalled(key string, v interface{}) (bool, error)
- func (c Claims) GetString(key string) (string, bool)
- func (c Claims) GetTime(key string) (time.Time, bool)
- func (c Claims) Identifier() (string, bool)
- func (c Claims) IsAlreadyValid(leeway time.Duration) bool
- func (c Claims) IsStillValid(leeway time.Duration) bool
- func (c Claims) IsValid(leeway time.Duration) bool
- func (c Claims) IssuedAt() (time.Time, bool)
- func (c Claims) Issuer() (string, bool)
- func (c Claims) Len() int
- func (c Claims) MarshalJSON() ([]byte, error)
- func (c Claims) NotBefore() (time.Time, bool)
- func (c Claims) Set(key string, value interface{}) interface{}
- func (c Claims) SetAudience(auds ...string) []string
- func (c Claims) SetExpiration(t time.Time) time.Time
- func (c Claims) SetIdentifier(id string) string
- func (c Claims) SetIssuedAt(t time.Time) time.Time
- func (c Claims) SetIssuer(issuer string) string
- func (c Claims) SetNotBefore(t time.Time) time.Time
- func (c Claims) SetSubject(subject string) string
- func (c Claims) SetTime(key string, t time.Time) time.Time
- func (c Claims) Subject() (string, bool)
- func (c *Claims) UnmarshalJSON(b []byte) error
- type JWT
- func Decode(token string) (JWT, error)
- func DecodeCachedFromJob(job rest.Job, cache Cache) (JWT, error)
- func DecodeFromJob(job rest.Job) (JWT, error)
- func Encode(claims Claims, key Key, algorithm Algorithm) (JWT, error)
- func FromContext(ctx context.Context) (JWT, bool)
- func Verify(token string, key Key) (JWT, error)
- func VerifyCachedFromJob(job rest.Job, cache Cache, key Key) (JWT, error)
- func VerifyFromJob(job rest.Job, key Key) (JWT, error)
- type Key
- type Signature
Constants ¶
const ( ErrCannotEncode = iota + 1 ErrCannotDecode ErrCannotSign ErrCannotVerify ErrNoKey ErrJSONMarshalling ErrJSONUnmarshalling ErrInvalidTokenPart ErrInvalidCombination ErrInvalidAlgorithm ErrInvalidKeyType ErrInvalidSignature ErrCannotReadPEM ErrCannotDecodePEM ErrCannotParseECDSA ErrNoECDSAKey ErrCannotParseRSA ErrNoRSAKey )
Error codes of the JWT package.
Variables ¶
This section is empty.
Functions ¶
func AddTokenToRequest ¶
AddTokenToRequest adds a token as header to a request for usage by a client.
Types ¶
type Algorithm ¶
type Algorithm string
Algorithm describes the algorithm used to sign a token.
const ( ES256 Algorithm = "ES256" ES384 Algorithm = "ES384" ES512 Algorithm = "ES512" HS256 Algorithm = "HS256" HS384 Algorithm = "HS384" HS512 Algorithm = "HS512" PS256 Algorithm = "PS256" PS384 Algorithm = "PS384" PS512 Algorithm = "PS512" RS256 Algorithm = "RS256" RS384 Algorithm = "RS384" RS512 Algorithm = "RS512" NONE Algorithm = "none" )
Definition of the supported algorithms.
type Cache ¶
type Cache interface { // Get tries to retrieve a token from the cache. Get(token string) (JWT, bool) // Put adds a token to the cache. Put(jwt JWT) int // Cleanup manually tells the cache to cleanup. Cleanup() // Stop tells the cache to end working. Stop() error }
Cache provides a caching for tokens so that these don't have to be decoded or verified multiple times.
func NewCache ¶
NewCache creates a new JWT caching. The ttl value controls the time a cached token may be unused before cleanup. The leeway is used for the time validation of the token itself. The duration of the interval controls how often the background cleanup is running. Final configuration parameter is the maximum number of entries inside the cache. If these grow too fast the ttl will be temporarily reduced for cleanup.
type Claims ¶
type Claims map[string]interface{}
Claims contains the claims of a token payload. The type also provides getters and setters for the reserved claims.
func (Claims) DeleteAudience ¶
DeleteAudience deletes the reserved "aud" claim. It returns a potential old value.
func (Claims) DeleteExpiration ¶
DeleteExpiration deletes the reserved "exp" claim. It returns a potential old value.
func (Claims) DeleteIdentifier ¶
DeleteIdentifier deletes the reserved "jti" claim. It returns a potential old value.
func (Claims) DeleteIssuedAt ¶
DeleteIssuedAt deletes the reserved "iat" claim. It returns a potential old value.
func (Claims) DeleteIssuer ¶
DeleteIssuer deletes the reserved "iss" claim. It returns a potential old value.
func (Claims) DeleteNotBefore ¶
DeleteNotBefore deletes the reserved "nbf" claim. It returns a potential old value.
func (Claims) DeleteSubject ¶
DeleteSubject deletes the reserved "sub" claim. It returns a potential old value.
func (Claims) Expiration ¶
Expiration retrieves the reserved "exp" claim.
func (Claims) GetBool ¶
GetBool retrieves a bool value. It also accepts the strings "1", "t", "T", "TRUE", "true", "True", "0", "f", "F", "FALSE", "false", and "False".
func (Claims) GetFloat64 ¶
GetFloat64 retrieves a float value.
func (Claims) GetMarshalled ¶
GetMarshalled unmarshalls the JSON value of the key and stores it in the value pointed to by v.
func (Claims) GetString ¶
GetString retrieves a string value. If it is no string it will be converted into a string.
func (Claims) GetTime ¶
GetTime retrieves a time value. Int, int32, int64, and float64 are valid types for the conversion. In case a string it is interpreted as RFC 3339 formatted time.
func (Claims) Identifier ¶
Identifier retrieves the reserved "jti" claim.
func (Claims) IsAlreadyValid ¶
IsAlreadyValid checks if the claim "nbf" is after the current time. The leeway is subtracted from the "nbf" time to account for clock skew.
func (Claims) IsStillValid ¶
IsStillValid checks if the claim "exp" is before the current time. The leeway is added to the "exp" time to account for clock skew.
func (Claims) MarshalJSON ¶
MarshalJSON implements the json.Marshaller interface even for nil or empty claims.
func (Claims) SetAudience ¶
SetAudience sets the reserved "aud" claim. It returns a potential old value.
func (Claims) SetExpiration ¶
SetExpiration sets the reserved "exp" claim. It returns a potential old value.
func (Claims) SetIdentifier ¶
SetIdentifier sets the reserved "jti" claim. It returns a potential old value.
func (Claims) SetIssuedAt ¶
SetIssuedAt sets the reserved "iat" claim. It returns a potential old value.
func (Claims) SetIssuer ¶
SetIssuer sets the reserved "iss" claim. It returns a potential old value.
func (Claims) SetNotBefore ¶
SetNotBefore sets the reserved "nbf" claim. It returns a potential old value.
func (Claims) SetSubject ¶
SetSubject sets the reserved "sub" claim. It returns a potential old value.
func (*Claims) UnmarshalJSON ¶
UnmarshalJSON implements the json.Marshaller interface.
type JWT ¶
type JWT interface { // Stringer provides the String() method. fmt.Stringer // Claims returns the claims payload of the token. Claims() Claims // Key return the key of the token only when // it is a result of encoding or verification. Key() (Key, error) // Algorithm returns the algorithm of the token // after encoding, decoding, or verification. Algorithm() Algorithm // IsValid is a convenience method checking the // registered claims if the token is valid. IsValid(leeway time.Duration) bool }
JWT describes the interface to access the parts of a JSON Web Token.
func DecodeCachedFromJob ¶
DecodeCachedFromJob retrieves a possible JWT from the request inside a REST job and checks if it already is cached. The JWT is only decoded. In case of no error the token is added to the cache.
func DecodeFromJob ¶
DecodeFromJob retrieves a possible JWT from the request inside a REST job. The JWT is only decoded.
func FromContext ¶
FromContext returns the token stored in ctx, if any.
func VerifyCachedFromJob ¶
VerifyCachedFromJob retrieves a possible JWT from the request inside a REST job and checks if it already is cached. The JWT is verified. In case of no error the token is added to the cache.
type Key ¶
type Key interface{}
Key is the used key to sign a token. The real implementation controls signing and verification.
func ReadECPrivateKey ¶
ReadECPrivateKey reads a PEM formated ECDSA private key from the passed reader.
func ReadECPublicKey ¶
ReadECPublicKey reads a PEM encoded ECDSA public key from the passed reader.
func ReadRSAPrivateKey ¶
ReadRSAPrivateKey reads a PEM encoded PKCS1 or PKCS8 private key from the passed reader.