jose

package
v0.1.10
Warning

This package is not in the latest version of its module.

Published: Mar 6, 2024 | License: Apache-2.0 | Imports: 10 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// ErrKeyFormat is raised when something is wrong with the
	// encryption keys.
	ErrKeyFormat = errors.New("key format error")

	// ErrTokenVerification is raised when token verification fails.
	ErrTokenVerification = errors.New("failed to verify token")

	// ErrContextError is raised when a required value cannot be retrieved
	// from a context.
	ErrContextError = errors.New("value missing from context")
)

Functions

This section is empty.

Types

type JWTIssuer

type JWTIssuer struct {
	// contains filtered or unexported fields
}

JWTIssuer is in charge of API token issue and verification. It is expected that the keys come from a mounted kubernetes.io/tls secret that is managed by cert-manager. As a result the keys will rotate every 60 days (by default), so you MUST ensure they are not cached in perpetuity. Additionally, due to horizontal scale-out, these secrets need to be shared between all replicas so that a token issued by one can be verified by another. As such, if you ever do cache the certificate load, it will need to be coordinated between all instances.

func NewJWTIssuer

func NewJWTIssuer(options *Options) *JWTIssuer

NewJWTIssuer returns a new JWT issuer and validator.

func (*JWTIssuer) DecodeJWEToken

func (i *JWTIssuer) DecodeJWEToken(tokenString string, claims interface{}) error

func (*JWTIssuer) DecodeJWT added in v0.1.2

func (i *JWTIssuer) DecodeJWT(tokenString string, claims interface{}) error

func (*JWTIssuer) EncodeJWEToken

func (i *JWTIssuer) EncodeJWEToken(claims interface{}) (string, error)

func (*JWTIssuer) EncodeJWT

func (i *JWTIssuer) EncodeJWT(claims interface{}) (string, error)

func (*JWTIssuer) GetKeyPair

func (i *JWTIssuer) GetKeyPair() (any, crypto.PrivateKey, string, error)

GetKeyPair returns the public key, private key and key id from the configuration data. The key id is inspired by X.509 subject key identifiers, that is, a hash over the subject public key info.
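
The following is an added example, not this package's own code. It illustrates the two points documented above: the certificate is re-read on every use instead of being cached, and the key id is a hash over the certificate's subject public key info. The hash (SHA-256), the hex encoding, and the names keyIDFromCert and writeTestCert are assumptions of this example; the certificate it writes is constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// keyIDFromCert re-reads certPath on every call (nothing is cached) and hashes the
// certificate's DER SubjectPublicKeyInfo. SHA-256 and hex output are assumptions.
func keyIDFromCert(certPath string) (string, error) {
	data, err := os.ReadFile(certPath)
	if err != nil {
		return "", err
	}
	block, _ := pem.Decode(data)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("%s: no PEM certificate", certPath)
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", sha256.Sum256(cert.RawSubjectPublicKeyInfo)), nil
}

// writeTestCert writes a constructed self-signed certificate whose key is derived
// from seed; a new seed stands in for a rotation of the mounted certificate.
func writeTestCert(certPath string, seed [32]byte) error {
	priv := ed25519.NewKeyFromSeed(seed[:])
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		return err
	}
	return os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600)
}

func main() {
	path := os.TempDir() + "/example-tls.crt" // constructed sample location
	fmt.Println(writeTestCert(path, [32]byte{1}))
	fmt.Println(keyIDFromCert(path))
}
```

Two replicas that read the same key derive the same key id independently, and a replica that re-reads the file after a rotation derives the new one, which is what lets a verifier tell which key a token was issued under.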

func (*JWTIssuer) JWKS

func (i *JWTIssuer) JWKS() (*jose.JSONWebKeySet, error)

type Options

type Options struct {
	// TLSKeyPath identifies where to get the JWE/JWS private key from.
	TLSKeyPath string

	// TLSCertPath identifies where to get the JWE/JWS public key from.
	TLSCertPath string
}

func (*Options) AddFlags

func (o *Options) AddFlags(f *pflag.FlagSet)

AddFlags registers flags with the provided flag set.
