Documentation ¶
Index ¶
- type PKIJWTVerifier
- func NewVerifier(v *PKIJWTVerifier) (*PKIJWTVerifier, error)
- func NewVerifierFromFile(jwtcertPath string, redirectURI string, redirectOnFail, redirectOnNoToken bool) (*PKIJWTVerifier, error)
- func NewVerifierFromPEM(jwtCertPEM []byte, redirectURI string, redirectOnFail, redirectOnNoToken bool) (*PKIJWTVerifier, error)
- func (j *PKIJWTVerifier) Callback(r *http.Request) (string, string, int, error)
- func (j *PKIJWTVerifier) IssueRedirect(originURL string) string
- func (j *PKIJWTVerifier) Validate(ctx context.Context, tokenString string) ([]string, bool, string, error)
- func (j *PKIJWTVerifier) VerifierType() common.JWTType
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type PKIJWTVerifier ¶
type PKIJWTVerifier struct { JWTCertPEM []byte RedirectURL string // contains filtered or unexported fields }
PKIJWTVerifier is a generic JWT PKI verifier. It assumes that the tokens have been signed by a private key, and it validates them with the provide public key. This is a simple and stateless verifier that doesn't depend on central server for validating the tokens. The public key is provided out-of-band.
func NewVerifier ¶
func NewVerifier(v *PKIJWTVerifier) (*PKIJWTVerifier, error)
NewVerifier creates a new verifier from the provided configuration.
func NewVerifierFromFile ¶
func NewVerifierFromFile(jwtcertPath string, redirectURI string, redirectOnFail, redirectOnNoToken bool) (*PKIJWTVerifier, error)
NewVerifierFromFile assumes that the input is provided as file path.
func NewVerifierFromPEM ¶
func NewVerifierFromPEM(jwtCertPEM []byte, redirectURI string, redirectOnFail, redirectOnNoToken bool) (*PKIJWTVerifier, error)
NewVerifierFromPEM assumes that the input is a PEM byte array.
func (*PKIJWTVerifier) Callback ¶
Callback is called by an IDP. Not implemented here. No central authorizer for the tokens.
func (*PKIJWTVerifier) IssueRedirect ¶
func (j *PKIJWTVerifier) IssueRedirect(originURL string) string
IssueRedirect issues a redirect. Not implemented. There is no need for a redirect.
func (*PKIJWTVerifier) Validate ¶
func (j *PKIJWTVerifier) Validate(ctx context.Context, tokenString string) ([]string, bool, string, error)
Validate parses a generic JWT token and flattens the claims in a normalized form. It assumes that any of the JWT signing certs or public keys will validate the token.
func (*PKIJWTVerifier) VerifierType ¶
func (j *PKIJWTVerifier) VerifierType() common.JWTType
VerifierType returns the type of the verifier.