jwt

package
v0.0.0-...-16534be
Warning

This package is not in the latest version of its module.

Published: Jan 16, 2025 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package jwt contains low-level utilities for verifying JSON Web Tokens.

Supports only non-encrypted RS256 tokens with `kid` header field populated, as produced by Google Cloud Platform.

Variables

var NotJWT = errors.BoolTag{Key: errors.NewTagKey("not a JSON web token")}

NotJWT is an error tag used to indicate that the string passed to VerifyAndDecode is not in fact structurally a JWT.

Functions

func UnsafeDecode

func UnsafeDecode(jwt string, dest any) error

UnsafeDecode extracts the payload of a JWT **without verifying it**.

It must always be followed by VerifyAndDecode. Useful to "peek" inside the token to see who it was supposedly signed by.

func VerifyAndDecode

func VerifyAndDecode(jwt string, dest any, verifier SignatureVerifier) error

VerifyAndDecode deconstructs the token, verifies its signature using the given `verifier` and on success deserializes its body into `dest`.

Returns errors tagged with NotJWT if `jwt` doesn't look like a JWT at all. Other errors (like signature verification check errors) are returned without this tag.

Doesn't interpret any JWT claims in the body, just deserializes them into `dest`. The caller is responsible for checking them.

Types

type SignatureVerifier

type SignatureVerifier interface {
	// CheckSignature returns nil if `signed` was indeed signed by given key.
	CheckSignature(keyID string, signed, signature []byte) error
}

SignatureVerifier can verify RS256 signatures.
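An added example, not part of this package: one way to satisfy the SignatureVerifier method set using only the standard library, with RS256 checked as RSASSA-PKCS1-v1_5 over SHA-256 and keys looked up by `kid`. The names `keySetVerifier`, `signRS256`, `newDemo` and the kid `demo-key` are hypothetical, and the signed bytes are a constructed stand-in for the signed portion of a token.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// keySetVerifier (hypothetical) has the same method set as SignatureVerifier.
type keySetVerifier struct {
	keys map[string]*rsa.PublicKey // trusted public keys, indexed by `kid`
}

// CheckSignature returns nil only if `signature` is a valid RS256 signature
// of `signed` under the trusted key registered as `keyID`.
func (v *keySetVerifier) CheckSignature(keyID string, signed, signature []byte) error {
	pub, ok := v.keys[keyID]
	if !ok {
		// Fail closed: never fall back to another key for an unknown kid.
		return fmt.Errorf("unknown signing key %q", keyID)
	}
	digest := sha256.Sum256(signed)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature)
}

// signRS256 plays the token issuer in this demo.
func signRS256(priv *rsa.PrivateKey, signed []byte) ([]byte, error) {
	digest := sha256.Sum256(signed)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// newDemo builds a throwaway key pair and a verifier trusting it as "demo-key".
func newDemo() (*keySetVerifier, *rsa.PrivateKey) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &keySetVerifier{keys: map[string]*rsa.PublicKey{"demo-key": &priv.PublicKey}}, priv
}

func main() {
	v, priv := newDemo()
	signed := []byte("constructed-header.constructed-payload") // constructed sample input
	sig, _ := signRS256(priv, signed)
	fmt.Println("valid:      ", v.CheckSignature("demo-key", signed, sig))
	fmt.Println("unknown kid:", v.CheckSignature("other-key", signed, sig))
	fmt.Println("tampered:   ", v.CheckSignature("demo-key", []byte("constructed-header.altered"), sig))
}
```

A verifier like this only establishes that the bytes were signed by a trusted key; as noted for VerifyAndDecode, checking the claims in the decoded body remains the caller's job.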
