jwt

package
v0.0.0-...-b40c5a5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 28, 2018 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrSigningMethodMismatch is the error returned when token is signed with the method other than verified
	ErrSigningMethodMismatch = errors.New("signing method mismatch")
	// ErrFailedToParseToken is the error returned when token is failed to parse and validate against secret and expiration date
	ErrFailedToParseToken = errors.New("failed to parse token")
	// ErrUnsupportedSigningMethod is the error returned when token is signed with unsupported by the library method
	ErrUnsupportedSigningMethod = errors.New("unsupported signing method")
	// ErrInvalidPEMBlock is the error returned for keys expected to be PEM-encoded
	ErrInvalidPEMBlock = errors.New("invalid RSA: not PEM-encoded")
	// ErrNotRSAPublicKey is the error returned for invalid RSA public key
	ErrNotRSAPublicKey = errors.New("invalid RSA: expected PUBLIC KEY block type")
	// ErrBadPublicKey is the error returned for invalid RSA public key
	ErrBadPublicKey = errors.New("invalid RSA: failed to assert public key")
)

Functions

This section is empty.

Types

type AccessToken

type AccessToken struct {
	Type    string `json:"token_type"`
	Token   string `json:"access_token"`
	Expires int64  `json:"expires_in"`
}

AccessToken represents a token

func IssueAdminToken

func IssueAdminToken(signingMethod SigningMethod, claims jwt.MapClaims, expireIn time.Duration) (*AccessToken, error)

IssueAdminToken issues admin JWT for API access

type Guard

type Guard struct {
	ParserConfig

	// Duration that a jwt token is valid. Optional, defaults to one hour.
	Timeout time.Duration

	// SigningMethod defines new token signing algorithm/key pair.
	SigningMethod SigningMethod

	// This field allows clients to refresh their token until MaxRefresh has passed.
	// Note that clients can refresh their token in the last moment of MaxRefresh.
	// This means that the maximum validity timespan for a token is MaxRefresh + Timeout.
	// Optional, defaults to 0 meaning not refreshable.
	MaxRefresh time.Duration
}

Guard struct

func NewGuard

func NewGuard(cred config.Credentials) Guard

NewGuard creates a new instance of Guard with default handlers

type Handler

type Handler struct {
	Guard Guard
}

Handler struct

func (*Handler) Login

func (j *Handler) Login(config config.Credentials) http.HandlerFunc

Login can be used by clients to get a jwt token. Payload needs to be json in the form of {"username": "<USERNAME>", "password": "<PASSWORD>"}. Reply will be of the form {"token": "<TOKEN>"}.

func (*Handler) Refresh

func (j *Handler) Refresh() http.HandlerFunc

Refresh can be used to refresh existing and valid jwt token. Reply will be of the form {"token": "<TOKEN>", "expire": "<DateTime in RFC-3339 format>"}.

type JanusClaims

type JanusClaims struct {
	jwt.MapClaims
	// contains filtered or unexported fields
}

JanusClaims is the temporary solution for JWT claims validation with leeway support, should be removed as soon as github.com/dgrijalva/jwt-go 4.0 will be released with leeway support out of the box. This code is loosely based on the solution from https://github.com/dgrijalva/jwt-go/issues/131

func NewJanusClaims

func NewJanusClaims(leeway int64) *JanusClaims

NewJanusClaims instantiates new JanusClaims

func (*JanusClaims) UnmarshalJSON

func (c *JanusClaims) UnmarshalJSON(text []byte) error

UnmarshalJSON is Unmarshaler interface implementation for JanusClaims to unmarshal nested map claims correctly

func (*JanusClaims) Valid

func (c *JanusClaims) Valid() error

Valid validates time based claims "exp, iat, nbf". As well, if any of the above claims are not in the token, it will still be considered a valid claim.

func (*JanusClaims) VerifyExpiresAt

func (c *JanusClaims) VerifyExpiresAt(cmp int64, req bool) bool

VerifyExpiresAt overrides jwt.StandardClaims.VerifyExpiresAt() to use leeway for check

func (*JanusClaims) VerifyIssuedAt

func (c *JanusClaims) VerifyIssuedAt(cmp int64, req bool) bool

VerifyIssuedAt overrides jwt.StandardClaims.VerifyIssuedAt() to use leeway for check

func (*JanusClaims) VerifyNotBefore

func (c *JanusClaims) VerifyNotBefore(cmp int64, req bool) bool

VerifyNotBefore overrides jwt.StandardClaims.VerifyNotBefore() to use leeway for check

type Middleware

type Middleware struct {
	Guard Guard
}

Middleware struct contains data and logic required for middleware functionality

func NewMiddleware

func NewMiddleware(config Guard) *Middleware

NewMiddleware builds and returns new JWT middleware instance

func (*Middleware) Handler

func (m *Middleware) Handler(handler http.Handler) http.Handler

Handler implementation

type Parser

type Parser struct {
	Config ParserConfig
}

Parser struct

func NewParser

func NewParser(config ParserConfig) *Parser

NewParser creates a new instance of Parser

func (*Parser) GetMapClaims

func (jp *Parser) GetMapClaims(token *jwt.Token) (jwt.MapClaims, bool)

GetMapClaims returns a map version of Claims Section

func (*Parser) Parse

func (jp *Parser) Parse(tokenString string) (*jwt.Token, error)

Parse a JWT token and validates it

func (*Parser) ParseFromRequest

func (jp *Parser) ParseFromRequest(r *http.Request) (*jwt.Token, error)

ParseFromRequest tries to extract and validate token from request. See "Guard.TokenLookup" for possible ways to pass token in request.

type ParserConfig

type ParserConfig struct {
	// SigningMethods defines chain of token signature verification algorithm/key pairs.
	SigningMethods []SigningMethod

	// TokenLookup is a string in the form of "<source>:<name>" that is used
	// to extract token from the request.
	// Optional. Default value "header:Authorization".
	// Possible values:
	// - "header:<name>"
	// - "query:<name>"
	// - "cookie:<name>"
	TokenLookup string

	// Leeway is the time in seconds to account for clock skew when checking nbf, iat or expiration times
	Leeway int64
}

ParserConfig configures the way JWT Parser gets and validates token

func NewParserConfig

func NewParserConfig(leeway int64, signingMethod ...SigningMethod) ParserConfig

NewParserConfig creates a new instance of ParserConfig

type Payload

type Payload struct{}

Payload Represents the context key

type SigningMethod

type SigningMethod struct {
	// Alg defines JWT signing algorithm. Possible values are: HS256, HS384, HS512, RS256, RS384, RS512
	Alg string `json:"alg"`
	Key string `json:"key"`
}

SigningMethod defines signing method algorithm and key

type User

type User struct {
	Username string
	Email    string
}

User represents a logged in user

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL