Documentation ¶
Index ¶
- Constants
- Variables
- func FindKeyByPrefix(set *jose.JSONWebKeySet, prefix string) (key *jose.JSONWebKey, err error)
- func FindKeysByPrefix(set *jose.JSONWebKeySet, prefix string) (*jose.JSONWebKeySet, error)
- func First(keys []jose.JSONWebKey) *jose.JSONWebKey
- func MustRSAPrivate(key *jose.JSONWebKey) *rsa.PrivateKey
- func MustRSAPublic(key *jose.JSONWebKey) *rsa.PublicKey
- func PEMBlockForKey(key interface{}) (*pem.Block, error)
- func RandomBytes(n int) ([]byte, error)
- func TestHelperManagerKey(m Manager, keys *jose.JSONWebKeySet, suffix string) func(t *testing.T)
- func TestHelperManagerKeySet(m Manager, keys *jose.JSONWebKeySet, suffix string) func(t *testing.T)
- func ToRSAPrivate(key *jose.JSONWebKey) (*rsa.PrivateKey, error)
- func ToRSAPublic(key *jose.JSONWebKey) (*rsa.PublicKey, error)
- type AEAD
- type ECDSA256Generator
- type ECDSA512Generator
- type HS256Generator
- type HS512Generator
- type Handler
- func (h *Handler) Create(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) DeleteKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) DeleteKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) GetGenerators() map[string]KeyGenerator
- func (h *Handler) GetKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) GetKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) SetRoutes(frontend, backend *httprouter.Router)
- func (h *Handler) UpdateKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) WellKnown(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- type JWTStrategy
- type KeyGenerator
- type Manager
- type MemoryManager
- func (m *MemoryManager) AddKey(set string, key *jose.JSONWebKey) error
- func (m *MemoryManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error
- func (m *MemoryManager) DeleteKey(set, kid string) error
- func (m *MemoryManager) DeleteKeySet(set string) error
- func (m *MemoryManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error)
- func (m *MemoryManager) GetKeySet(set string) (*jose.JSONWebKeySet, error)
- type RS256Generator
- type RS256JWTStrategy
- func (j *RS256JWTStrategy) Decode(token string) (*jwt2.Token, error)
- func (j *RS256JWTStrategy) Generate(claims jwt2.Claims, header jwt.Mapper) (string, string, error)
- func (j *RS256JWTStrategy) GetPublicKeyID() (string, error)
- func (j *RS256JWTStrategy) GetSignature(token string) (string, error)
- func (j *RS256JWTStrategy) GetSigningMethodLength() int
- func (j *RS256JWTStrategy) Hash(in []byte) ([]byte, error)
- func (j *RS256JWTStrategy) Validate(token string) (string, error)
- type SQLManager
- func (m *SQLManager) AddKey(set string, key *jose.JSONWebKey) error
- func (m *SQLManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error
- func (m *SQLManager) CreateSchemas() (int, error)
- func (m *SQLManager) DeleteKey(set, kid string) error
- func (m *SQLManager) DeleteKeySet(set string) error
- func (m *SQLManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error)
- func (m *SQLManager) GetKeySet(set string) (*jose.JSONWebKeySet, error)
- func (m *SQLManager) RotateKeys(new *AEAD) error
Constants ¶
const ( IDTokenKeyName = "hydra.openid.id-token" KeyHandlerPath = "/keys" WellKnownKeysPath = "/.well-known/jwks.json" )
Variables ¶
var Migrations = &migrate.MemoryMigrationSource{ Migrations: []*migrate.Migration{ { Id: "1", Up: []string{ `CREATE TABLE IF NOT EXISTS hydra_jwk ( sid varchar(255) NOT NULL, kid varchar(255) NOT NULL, version int NOT NULL DEFAULT 0, keydata text NOT NULL, PRIMARY KEY (sid, kid) )`, }, Down: []string{ "DROP TABLE hydra_jwk", }, }, { Id: "2", Up: []string{ `ALTER TABLE hydra_jwk ADD created_at TIMESTAMP NOT NULL DEFAULT NOW()`, }, Down: []string{ `ALTER TABLE hydra_jwk DROP COLUMN created_at`, }, }, { Id: "3", Up: []string{ `DELETE FROM hydra_jwk WHERE sid='hydra.openid.id-token'`, }, Down: []string{}, }, }, }
Functions ¶
func FindKeyByPrefix ¶ added in v0.11.10
func FindKeysByPrefix ¶ added in v0.11.10
func MustRSAPrivate ¶
func MustRSAPrivate(key *jose.JSONWebKey) *rsa.PrivateKey
func MustRSAPublic ¶
func PEMBlockForKey ¶
func RandomBytes ¶ added in v0.9.3
func TestHelperManagerKey ¶ added in v0.9.3
func TestHelperManagerKeySet ¶ added in v0.9.3
func ToRSAPrivate ¶
func ToRSAPrivate(key *jose.JSONWebKey) (*rsa.PrivateKey, error)
func ToRSAPublic ¶
Types ¶
type ECDSA256Generator ¶
type ECDSA256Generator struct{}
func (*ECDSA256Generator) Generate ¶
func (g *ECDSA256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)
type ECDSA512Generator ¶ added in v0.10.0
type ECDSA512Generator struct{}
func (*ECDSA512Generator) Generate ¶ added in v0.10.0
func (g *ECDSA512Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)
type HS256Generator ¶
type HS256Generator struct{}
func (*HS256Generator) Generate ¶
func (g *HS256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)
type HS512Generator ¶ added in v0.10.0
type HS512Generator struct{}
func (*HS512Generator) Generate ¶ added in v0.10.0
func (g *HS512Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)
type Handler ¶
type Handler struct { Manager Manager Generators map[string]KeyGenerator H herodot.Writer WellKnownKeys []string }
func NewHandler ¶
func (*Handler) Create ¶
func (h *Handler) Create(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route POST /keys/{set} jsonWebKey createJsonWebKeySet
Generate a new JSON Web Key ¶
This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 200: jsonWebKeySet 401: genericError 403: genericError 500: genericError
func (*Handler) DeleteKey ¶
func (h *Handler) DeleteKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route DELETE /keys/{set}/{kid} jsonWebKey deleteJsonWebKey
Delete a JSON Web Key ¶
Use this endpoint to delete a single JSON Web Key.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 204: emptyResponse 401: genericError 403: genericError 500: genericError
func (*Handler) DeleteKeySet ¶
func (h *Handler) DeleteKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route DELETE /keys/{set} jsonWebKey deleteJsonWebKeySet
Delete a JSON Web Key Set ¶
Use this endpoint to delete a complete JSON Web Key Set and all the keys in that set.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 204: emptyResponse 401: genericError 403: genericError 500: genericError
func (*Handler) GetGenerators ¶
func (h *Handler) GetGenerators() map[string]KeyGenerator
func (*Handler) GetKey ¶
func (h *Handler) GetKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route GET /keys/{set}/{kid} jsonWebKey getJsonWebKey
Retrieve a JSON Web Key ¶
This endpoint can be used to retrieve JWKs stored in ORY Hydra.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 200: jsonWebKeySet 401: genericError 403: genericError 500: genericError
func (*Handler) GetKeySet ¶
func (h *Handler) GetKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route GET /keys/{set} jsonWebKey getJsonWebKeySet
Retrieve a JSON Web Key Set ¶
This endpoint can be used to retrieve JWK Sets stored in ORY Hydra.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 200: jsonWebKeySet 401: genericError 403: genericError 500: genericError
func (*Handler) SetRoutes ¶
func (h *Handler) SetRoutes(frontend, backend *httprouter.Router)
func (*Handler) UpdateKey ¶
func (h *Handler) UpdateKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route PUT /keys/{set}/{kid} jsonWebKey updateJsonWebKey
Update a JSON Web Key ¶
Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 200: jsonWebKey 401: genericError 403: genericError 500: genericError
func (*Handler) UpdateKeySet ¶
func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route PUT /keys/{set} jsonWebKey updateJsonWebKeySet
Update a JSON Web Key Set ¶
Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 200: jsonWebKeySet 401: genericError 403: genericError 500: genericError
func (*Handler) WellKnown ¶ added in v0.8.2
func (h *Handler) WellKnown(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route GET /.well-known/jwks.json oAuth2 wellKnown
Get Well-Known JSON Web Keys ¶
Returns metadata for discovering important JSON Web Keys. Currently, this endpoint returns the public key for verifying OpenID Connect ID Tokens.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 200: jsonWebKeySet 401: genericError 403: genericError 500: genericError
type JWTStrategy ¶
type JWTStrategy interface { GetPublicKeyID() (string, error) jwt.JWTStrategy }
type KeyGenerator ¶
type MemoryManager ¶
func (*MemoryManager) AddKey ¶
func (m *MemoryManager) AddKey(set string, key *jose.JSONWebKey) error
func (*MemoryManager) AddKeySet ¶
func (m *MemoryManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error
func (*MemoryManager) DeleteKey ¶
func (m *MemoryManager) DeleteKey(set, kid string) error
func (*MemoryManager) DeleteKeySet ¶
func (m *MemoryManager) DeleteKeySet(set string) error
func (*MemoryManager) GetKey ¶
func (m *MemoryManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error)
func (*MemoryManager) GetKeySet ¶
func (m *MemoryManager) GetKeySet(set string) (*jose.JSONWebKeySet, error)
type RS256Generator ¶
type RS256Generator struct {
KeyLength int
}
func (*RS256Generator) Generate ¶
func (g *RS256Generator) Generate(id, use string) (*jose.JSONWebKeySet, error)
type RS256JWTStrategy ¶
type RS256JWTStrategy struct { RS256JWTStrategy *jwt.RS256JWTStrategy Manager Manager Set string // contains filtered or unexported fields }
func NewRS256JWTStrategy ¶
func NewRS256JWTStrategy(m Manager, set string) (*RS256JWTStrategy, error)
func (*RS256JWTStrategy) Decode ¶
func (j *RS256JWTStrategy) Decode(token string) (*jwt2.Token, error)
func (*RS256JWTStrategy) GetPublicKeyID ¶
func (j *RS256JWTStrategy) GetPublicKeyID() (string, error)
func (*RS256JWTStrategy) GetSignature ¶
func (j *RS256JWTStrategy) GetSignature(token string) (string, error)
func (*RS256JWTStrategy) GetSigningMethodLength ¶
func (j *RS256JWTStrategy) GetSigningMethodLength() int
GetSigningMethodLength will return the length of the signing method
type SQLManager ¶ added in v0.6.0
func NewSQLManager ¶
func NewSQLManager(db *sqlx.DB, key []byte) *SQLManager
func (*SQLManager) AddKey ¶ added in v0.6.0
func (m *SQLManager) AddKey(set string, key *jose.JSONWebKey) error
func (*SQLManager) AddKeySet ¶ added in v0.6.0
func (m *SQLManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error
func (*SQLManager) CreateSchemas ¶ added in v0.6.0
func (m *SQLManager) CreateSchemas() (int, error)
func (*SQLManager) DeleteKey ¶ added in v0.6.0
func (m *SQLManager) DeleteKey(set, kid string) error
func (*SQLManager) DeleteKeySet ¶ added in v0.6.0
func (m *SQLManager) DeleteKeySet(set string) error
func (*SQLManager) GetKey ¶ added in v0.6.0
func (m *SQLManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error)
func (*SQLManager) GetKeySet ¶ added in v0.6.0
func (m *SQLManager) GetKeySet(set string) (*jose.JSONWebKeySet, error)
func (*SQLManager) RotateKeys ¶
func (m *SQLManager) RotateKeys(new *AEAD) error