Documentation
¶
Index ¶
- Constants
- Variables
- func DecodeSegment(seg string) ([]byte, error)
- func EncodeSegment(seg []byte) string
- type Header
- type IClaims
- type Option
- type Signer
- type SigningMethod
- type SigningMethodHMAC
- type StandardClaims
- func (c StandardClaims) Valid() error
- func (c *StandardClaims) VerifyAudience(cmp string, req bool) bool
- func (c *StandardClaims) VerifyExpiresAt(cmp int64, req bool) bool
- func (c *StandardClaims) VerifyIssuedAt(cmp int64, req bool) bool
- func (c *StandardClaims) VerifyIssuer(cmp string, req bool) bool
- func (c *StandardClaims) VerifyNotBefore(cmp int64, req bool) bool
- type Token
- type ValidationError
Constants ¶
const ( ValidationErrorMalformed uint32 = 1 << iota // Token is malformed ValidationErrorUnverifiable // Token could not be verified because of signing problems ValidationErrorSignatureInvalid // Signature validation failed // ValidationErrorAudience Standard Claim validation errors ValidationErrorAudience // AUD validation failed ValidationErrorExpired // EXP validation failed ValidationErrorIssuedAt // IAT validation failed ValidationErrorIssuer // ISS validation failed ValidationErrorNotValidYet // NBF validation failed ValidationErrorId // JTI validation failed ValidationErrorClaimsInvalid // Generic claims validation error )
The errors that might occur when parsing and validating a token
Variables ¶
var ( ErrInvalidKey = errors.New("key is invalid") ErrInvalidKeyType = errors.New("key is of invalid type") ErrSignatureInvalid = errors.New("signature is invalid") )
Error constants
var TimeFunc = time.Now
Functions ¶
func DecodeSegment ¶
DecodeSegment Decode JWT specific base64url encoding with padding stripped
func EncodeSegment ¶
EncodeSegment Encode JWT specific base64url encoding with padding stripped
Types ¶
type SigningMethod ¶
type SigningMethod interface {
Verify(signingString, signature string, key []byte) error // Returns nil if signature is valid
Sign(signingString string, key []byte) (string, error) // Returns encoded signature or error
Alg() Signer // returns the alg identifier for this method (example: 'HS256')
}
SigningMethod Implement SigningMethod to add new methods for signing or verifying tokens.
func GetSigningMethod ¶
func GetSigningMethod(alg Signer) SigningMethod
func NewSigningMethodHMAC ¶
func NewSigningMethodHMAC() SigningMethod
type SigningMethodHMAC ¶
func (*SigningMethodHMAC) Alg ¶
func (m *SigningMethodHMAC) Alg() Signer
type StandardClaims ¶
type StandardClaims struct {
Audience string `json:"aud,omitempty"`
ExpiresAt int64 `json:"exp,omitempty"`
Id string `json:"jti,omitempty"`
IssuedAt int64 `json:"iat,omitempty"`
Issuer string `json:"iss,omitempty"`
NotBefore int64 `json:"nbf,omitempty"`
Subject string `json:"sub,omitempty"`
}
StandardClaims Structured version of Claims Section, as referenced at https://tools.ietf.org/html/rfc7519#section-4.1 See examples for how to use this with your own claim types
func (StandardClaims) Valid ¶
func (c StandardClaims) Valid() error
Valid Validates time based claims "exp, iat, nbf". There is no accounting for clock skew. As well, if any of the above claims are not in the token, it will still be considered a valid claim.
func (*StandardClaims) VerifyAudience ¶
func (c *StandardClaims) VerifyAudience(cmp string, req bool) bool
VerifyAudience Compares the aud claim against cmp. If required is false, this method will return true if the value matches or is unset
func (*StandardClaims) VerifyExpiresAt ¶
func (c *StandardClaims) VerifyExpiresAt(cmp int64, req bool) bool
VerifyExpiresAt Compares the exp claim against cmp. If required is false, this method will return true if the value matches or is unset
func (*StandardClaims) VerifyIssuedAt ¶
func (c *StandardClaims) VerifyIssuedAt(cmp int64, req bool) bool
VerifyIssuedAt Compares the iat claim against cmp. If required is false, this method will return true if the value matches or is unset
func (*StandardClaims) VerifyIssuer ¶
func (c *StandardClaims) VerifyIssuer(cmp string, req bool) bool
VerifyIssuer Compares the iss claim against cmp. If required is false, this method will return true if the value matches or is unset
func (*StandardClaims) VerifyNotBefore ¶
func (c *StandardClaims) VerifyNotBefore(cmp int64, req bool) bool
VerifyNotBefore Compares the nbf claim against cmp. If required is false, this method will return true if the value matches or is unset
type Token ¶
type Token[C IClaims] struct { Raw string // The raw token. Populated when you Parse a token SigningMethod SigningMethod // The signing method used or to be used Header Header // The first segment of the token Claims C // The second segment of the token Signature string // The third segment of the token. Populated when you Parse a token Valid bool // Is the token valid? Populated when you Parse/Verify a token }
func (*Token[C]) SignedString ¶
SignedString Get the complete, signed token
func (*Token[C]) SigningString ¶
SigningString Generate the signing string. This is the most expensive part of the whole deal. Unless you need this for something special, just go straight for the SignedString.
type ValidationError ¶
type ValidationError struct {
Inner error // stores the error returned by external dependencies, i.e.: KeyFunc
Errors uint32 // bitfield. see ValidationError... constants
// contains filtered or unexported fields
}
ValidationError The error from Parse if token is not valid
func NewValidationError ¶
func NewValidationError(errorText string, errorFlags uint32) *ValidationError
NewValidationError Helper for constructing a ValidationError with a string error message
func (ValidationError) Error ¶
func (e ValidationError) Error() string
Validation error is an error type
Source Files