README
¶
jwt
Package jwt is a partial but production-ready implementation of RFC-7519.
Usage Example
The below example demonstrates how to create, sign, serialize, parse and then verify a JWT token. The example uses ES256 - but this package also supports RS256 and EdDSA (Ed25519).
token := jwt.NewToken()
token.AddClaim("uid", "1234")
token.AddScope("read:profile")
token.AddScope("write:profile")
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return err
}
signer := jwt.NewES256Signer(privateKey)
if err := token.Sign(signer); err != nil {
return err
}
tokenStr, err := token.Serialize()
if err != nil {
return err
}
fmt.Printf("%v\n", tokenStr) // eyJhbGci...
token, err = jwt.Parse(tokenStr)
if err != nil {
return err
}
verifier := jwt.NewES256Verifier(&privateKey.PublicKey)
fmt.Printf("%v\n", token.Verify(verifier)) // true
Icons made by Freepik from www.flaticon.com.
Documentation
¶
Index ¶
- Variables
- type Algorithm
- type Body
- type ES256Signer
- type ES256Verifier
- type EdDSASigner
- type EdDSAVerifier
- type Header
- type RS256Signer
- type RS256Verifier
- type Signer
- type Token
- func (t *Token) AddClaim(name string, value interface{})
- func (t *Token) AddScope(scope string)
- func (t *Token) GetClaim(name string) (interface{}, bool)
- func (t *Token) GetStringClaim(name string) (string, bool)
- func (t *Token) HasScope(scope string) bool
- func (t *Token) IsSigned() bool
- func (t *Token) RemoveClaim(name string)
- func (t *Token) RemoveScope(scope string)
- func (t *Token) Serialize() (string, error)
- func (t *Token) Sign(signer Signer) error
- func (t *Token) Verify(verifier Verifier) bool
- type Verifier
Constants ¶
This section is empty.
Variables ¶
var ErrImmutable = errors.New("the operation cannot complete as the token is immutable")
ErrImmutable is returned when an operation cannot be completed due to the token being signed.
var ErrInvalidTokenStructure = errors.New("the provided token is invalid")
ErrInvalidTokenStructure is returned when the provided token has an invalid structure and is not semantically a JWT.
var ErrNotSigned = errors.New("the operation cannot complete as the token is not yet signed")
ErrNotSigned is returned when an operatioan cannot be completed due to the token not being signed.
Functions ¶
This section is empty.
Types ¶
type Algorithm ¶
type Algorithm string
Algorithm is an alias for string that defines the set of supported JWT signature types.
type Body ¶
type Body map[string]interface{}
Body represents the main structure of the token for scopes and claims.
type ES256Signer ¶
type ES256Signer struct {
// contains filtered or unexported fields
}
ES256Signer signs JWT tokens using the ES256 algorithm.
func NewES256Signer ¶
func NewES256Signer(privateKey *ecdsa.PrivateKey) *ES256Signer
NewES256Signer creates a new ES256Signer with the provided ECDSA Private Key.
func (*ES256Signer) Algorithm ¶
func (s *ES256Signer) Algorithm() Algorithm
Algorithm returns ES256.
type ES256Verifier ¶
type ES256Verifier struct {
// contains filtered or unexported fields
}
ES256Verifier verifies JWT tokens using the ES256 algorithm.
func NewES256Verifier ¶
func NewES256Verifier(publicKey *ecdsa.PublicKey) *ES256Verifier
NewES256Verifier creates a new ES256Verifier with the provided ECDSA Public Key.
type EdDSASigner ¶
type EdDSASigner struct {
// contains filtered or unexported fields
}
EdDSASigner signs JWT tokens using the EdDSA algorithm.
func NewEdDSASigner ¶
func NewEdDSASigner(privateKey ed25519.PrivateKey) *EdDSASigner
NewEdDSASigner creates a new EdDSASigner with the provided Ed25519 Private Key.
func (*EdDSASigner) Algorithm ¶
func (s *EdDSASigner) Algorithm() Algorithm
Algorithm returns EdDSA.
type EdDSAVerifier ¶
type EdDSAVerifier struct {
// contains filtered or unexported fields
}
EdDSAVerifier verifies JWT tokens using the EdDSA algorithm.
func NewEdDSAVerifier ¶
func NewEdDSAVerifier(publicKey ed25519.PublicKey) *EdDSAVerifier
NewEdDSAVerifier creates a new EdDSAVerifier with the provided Ed25519 Public Key.
type Header ¶
type Header struct {
Algorithm Algorithm `json:"alg"`
KeyID string `json:"kid,omitempty"`
Type string `json:"typ"`
}
Header represents a JWT header.
type RS256Signer ¶
type RS256Signer struct {
// contains filtered or unexported fields
}
RS256Signer signs JWT tokens using the RS256 algorithm.
func NewRS256Signer ¶
func NewRS256Signer(privateKey *rsa.PrivateKey) *RS256Signer
NewRS256Signer creates a new RS256Signer with the provided RSA Private Key.
func (*RS256Signer) Algorithm ¶
func (s *RS256Signer) Algorithm() Algorithm
Algorithm returns RS256.
type RS256Verifier ¶
type RS256Verifier struct {
// contains filtered or unexported fields
}
RS256Verifier verifies JWT tokens using the RS256 algorithm.
func NewRS256Verifier ¶
func NewRS256Verifier(publicKey *rsa.PublicKey) *RS256Verifier
NewRS256Verifier creates a new RS256Verifier with the provided RSA Public Key.
type Token ¶
type Token struct {
Header Header
Body Body
Signature []byte
// contains filtered or unexported fields
}
Token represents a (potentially signed) JWT token.
func (*Token) AddScope ¶
AddScope adds a scope to the token. This operation is a no-op if the token is signed.
func (*Token) GetStringClaim ¶
GetStringClaim gets the string value of a claim, if present.
func (*Token) IsSigned ¶
IsSigned returns true when the token has a signature present. This method does not state anything about the validity of an attached signature.
func (*Token) RemoveClaim ¶
RemoveClaim removes a claim from the token.
func (*Token) RemoveScope ¶
RemoveScope removes a scope from the token. This operation is a no-op if the token is signed.
Source Files