Documentation
¶
Overview ¶
Package jwks provides both local and remote JWT Key Set access token verifiers.
Index ¶
Constants ¶
This section is empty.
Variables ¶
Functions ¶
This section is empty.
Types ¶
type LocalKeySet ¶
type LocalKeySet struct {
// contains filtered or unexported fields
}
func NewLocalKeySet ¶
func NewLocalKeySet(keys jose.JSONWebKeySet) *LocalKeySet
func (*LocalKeySet) VerifySignature ¶
type RemoteKeySet ¶
type RemoteKeySet struct {
// contains filtered or unexported fields
}
RemoteKeySet handles verification of JSON Web Signatures based on public keys from a remote JWKS URL. If a verification of a signature fails because the signing key is unknown, the RemoteKeySet will automatically query the remote JWKS url for new keys.
func NewRemoteKeySet ¶
func NewRemoteKeySet(background context.Context, url string) *RemoteKeySet
func (*RemoteKeySet) VerifySignature ¶
func (ks *RemoteKeySet) VerifySignature(ctx context.Context, jws string) (payload []byte, err error)
VerifySignature will check that the provided JWS has a valid signature from a key included in this RemoteKeySet. Returns nil if the signature is valid, or a non-nil error otherwise. This function may make a network request to refresh the local cache of the remote key set, if the local cache cannot verify the token. It verifies only the signature - it does not verify any claims in the payload, or inspect the payload in any way!
Source Files