Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrSigningMethodMismatch is the error returned when token is signed with the method other than verified ErrSigningMethodMismatch = errors.New("signing method mismatch") // ErrFailedToParseToken is the error returned when token is failed to parse and validate against secret and expiration date ErrFailedToParseToken = errors.New("failed to parse token") // ErrUnsupportedSigningMethod is the error returned when token is signed with unsupported by the library method ErrUnsupportedSigningMethod = errors.New("unsupported signing method") // ErrInvalidPEMBlock is the error returned for keys expected to be PEM-encoded ErrInvalidPEMBlock = errors.New("invalid RSA: not PEM-encoded") // ErrNotRSAPublicKey is the error returned for invalid RSA public key ErrNotRSAPublicKey = errors.New("invalid RSA: expected PUBLIC KEY block type") // ErrBadPublicKey is the error returned for invalid RSA public key ErrBadPublicKey = errors.New("invalid RSA: failed to assert public key") )
Functions ¶
This section is empty.
Types ¶
type AccessToken ¶
type AccessToken struct { Type string `json:"token_type"` Token string `json:"access_token"` Expires int64 `json:"expires_in"` }
AccessToken represents a token
func IssueAdminToken ¶
func IssueAdminToken(signingMethod SigningMethod, claims jwt.MapClaims, expireIn time.Duration) (*AccessToken, error)
IssueAdminToken issues admin JWT for API access
type Guard ¶
type Guard struct { ParserConfig // Duration that a jwt token is valid. Optional, defaults to one hour. Timeout time.Duration // SigningMethod defines new token signing algorithm/key pair. SigningMethod SigningMethod // This field allows clients to refresh their token until MaxRefresh has passed. // Note that clients can refresh their token in the last moment of MaxRefresh. // This means that the maximum validity timespan for a token is MaxRefresh + Timeout. // Optional, defaults to 0 meaning not refreshable. MaxRefresh time.Duration }
Guard struct
func NewGuard ¶
func NewGuard(cred config.Credentials) Guard
NewGuard creates a new instance of Guard with default handlers
type Handler ¶
type Handler struct {
Guard Guard
}
Handler struct
func (*Handler) Login ¶
func (j *Handler) Login(config config.Credentials) http.HandlerFunc
Login can be used by clients to get a jwt token. Payload needs to be json in the form of {"username": "<USERNAME>", "password": "<PASSWORD>"}. Reply will be of the form {"token": "<TOKEN>"}.
func (*Handler) Refresh ¶
func (j *Handler) Refresh() http.HandlerFunc
Refresh can be used to refresh existing and valid jwt token. Reply will be of the form {"token": "<TOKEN>", "expire": "<DateTime in RFC-3339 format>"}.
type JanusClaims ¶
type JanusClaims struct { jwt.MapClaims // contains filtered or unexported fields }
JanusClaims is the temporary solution for JWT claims validation with leeway support, should be removed as soon as github.com/dgrijalva/jwt-go 4.0 will be released with leeway support out of the box. This code is loosely based on the solution from https://github.com/dgrijalva/jwt-go/issues/131
func NewJanusClaims ¶
func NewJanusClaims(leeway int64) *JanusClaims
NewJanusClaims instantiates new JanusClaims
func (*JanusClaims) UnmarshalJSON ¶
func (c *JanusClaims) UnmarshalJSON(text []byte) error
UnmarshalJSON is Unmarshaler interface implementation for JanusClaims to unmarshal nested map claims correctly
func (*JanusClaims) Valid ¶
func (c *JanusClaims) Valid() error
Valid validates time based claims "exp, iat, nbf". As well, if any of the above claims are not in the token, it will still be considered a valid claim.
func (*JanusClaims) VerifyExpiresAt ¶
func (c *JanusClaims) VerifyExpiresAt(cmp int64, req bool) bool
VerifyExpiresAt overrides jwt.StandardClaims.VerifyExpiresAt() to use leeway for check
func (*JanusClaims) VerifyIssuedAt ¶
func (c *JanusClaims) VerifyIssuedAt(cmp int64, req bool) bool
VerifyIssuedAt overrides jwt.StandardClaims.VerifyIssuedAt() to use leeway for check
func (*JanusClaims) VerifyNotBefore ¶
func (c *JanusClaims) VerifyNotBefore(cmp int64, req bool) bool
VerifyNotBefore overrides jwt.StandardClaims.VerifyNotBefore() to use leeway for check
type Middleware ¶
type Middleware struct {
Guard Guard
}
Middleware struct contains data and logic required for middleware functionality
func NewMiddleware ¶
func NewMiddleware(config Guard) *Middleware
NewMiddleware builds and returns new JWT middleware instance
type Parser ¶
type Parser struct {
Config ParserConfig
}
Parser struct
func NewParser ¶
func NewParser(config ParserConfig) *Parser
NewParser creates a new instance of Parser
func (*Parser) GetMapClaims ¶
GetMapClaims returns a map version of Claims Section
type ParserConfig ¶
type ParserConfig struct { // SigningMethods defines chain of token signature verification algorithm/key pairs. SigningMethods []SigningMethod // TokenLookup is a string in the form of "<source>:<name>" that is used // to extract token from the request. // Optional. Default value "header:Authorization". // Possible values: // - "header:<name>" // - "query:<name>" // - "cookie:<name>" TokenLookup string // Leeway is the time in seconds to account for clock skew when checking nbf, iat or expiration times Leeway int64 }
ParserConfig configures the way JWT Parser gets and validates token
func NewParserConfig ¶
func NewParserConfig(leeway int64, signingMethod ...SigningMethod) ParserConfig
NewParserConfig creates a new instance of ParserConfig
type SigningMethod ¶
type SigningMethod struct { // Alg defines JWT signing algorithm. Possible values are: HS256, HS384, HS512, RS256, RS384, RS512 Alg string `json:"alg"` Key string `json:"key"` }
SigningMethod defines signing method algorithm and key