Documentation
Overview
Package jwt provides utility functions for validating JSON Web Tokens (JWT) as defined by Cloud Identity-Aware Proxy (Cloud IAP). This package follows the instructions and specifications at https://cloud.google.com/iap/docs/signed-headers-howto.
Index
Constants
const DefaultPublicKeysURL = "https://www.gstatic.com/iap/verify/public_key"
DefaultPublicKeysURL is the URL from which public keys will be fetched.
Variables
var (
	ErrAudienceInsufficientParts                   = errors.New("Audience must have 4 or 5 parts")
	ErrAudienceMustStartWithProjects               = errors.New("Audience must start with /projects")
	ErrAudienceEmptyProject                        = errors.New("Audience must have a non-empty project number")
	ErrAudienceInvalidAppEngineFormat              = errors.New("Audience for AppEngine must match /projects/PROJECT_NUMBER/apps/PROJECT_ID")
	ErrAudienceMissingProjectID                    = errors.New("Audience for AppEngine must have a project ID")
	ErrAudienceInvalidComputeContainerEngineFormat = errors.New("Audience for Compute or Container Engine must match /projects/PROJECT_NUMBER/global/backendServices/PROJECT_ID")
	ErrAudienceMissingServiceID                    = errors.New("Audience for Compute or Container Engine must have a service ID")
)
var (
	ErrConfigUndefinedMatchAudiences = errors.New("No audiences to match defined")
	ErrConfigNoPublicKeys            = errors.New("No public keys defined")
)
var (
ErrMissingRequestToken = errors.New("Token was not found in the request headers")
)
var (
ErrPublicKeyNoFilesFound = errors.New("Could not find any readable public keys matching *.pub")
)
Functions
Types
type Audience
type Audience string
Audience is a string wrapper to provide validation logic for GCP IAP audience URLs. From the IAP docs at https://cloud.google.com/iap/docs/signed-headers-howto: Audience must be a string with the following values:
* App Engine: /projects/PROJECT_NUMBER/apps/PROJECT_ID
* Compute Engine and Container Engine: /projects/PROJECT_NUMBER/global/backendServices/SERVICE_ID
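The audience formats and error conditions documented above can be checked as in the following added example, which is not the package's own code. The helper checkAudience, the lowercase error variable names and the order of the checks are assumptions of this example, and the sample audiences are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Messages follow the error list documented above; the variable names are this example's own.
var (
	errParts      = errors.New("Audience must have 4 or 5 parts")
	errPrefix     = errors.New("Audience must start with /projects")
	errProject    = errors.New("Audience must have a non-empty project number")
	errAppFormat  = errors.New("Audience for AppEngine must match /projects/PROJECT_NUMBER/apps/PROJECT_ID")
	errProjectID  = errors.New("Audience for AppEngine must have a project ID")
	errBackendFmt = errors.New("Audience for Compute or Container Engine must match /projects/PROJECT_NUMBER/global/backendServices/PROJECT_ID")
	errServiceID  = errors.New("Audience for Compute or Container Engine must have a service ID")
)

// checkAudience is a hypothetical helper that validates the shape of an IAP audience string.
func checkAudience(aud string) error {
	parts := strings.Split(aud, "/")
	// A leading "/" yields an empty first element, followed by "projects".
	if len(parts) < 2 || parts[0] != "" || parts[1] != "projects" {
		return errPrefix
	}
	parts = parts[1:] // drop the empty element before the leading slash
	switch {
	case len(parts) != 4 && len(parts) != 5:
		return errParts
	case parts[1] == "":
		return errProject
	case len(parts) == 4 && parts[2] != "apps":
		return errAppFormat
	case len(parts) == 4 && parts[3] == "":
		return errProjectID
	case len(parts) == 5 && (parts[2] != "global" || parts[3] != "backendServices"):
		return errBackendFmt
	case len(parts) == 5 && parts[4] == "":
		return errServiceID
	}
	return nil
}

func main() {
	// Constructed sample values, not real project numbers or IDs.
	for _, aud := range []string{"/projects/1234/apps/demo-app", "/projects/1234/global/backendServices/5678", "/projects//apps/demo-app", "projects/1234/apps/demo-app"} {
		fmt.Printf("%-45q -> %v\n", aud, checkAudience(aud))
	}
}
```

A well-formed audience only rules out misconfiguration; the token's aud claim must still match the configured audience exactly so that a token issued for a different IAP-protected backend is rejected.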
func NewAudience
NewAudience returns an Audience from a string.
func ParseAudience
ParseAudience parses an Audience from a string.
type Claims
type Claims struct {
	jwt.StandardClaims
	Email string `json:"email,omitempty"`
	// contains filtered or unexported fields
}
Claims represents parsed JWT Token Claims.
func RequestClaims
RequestClaims checks the validity of the token in the request and returns its claims. Claims may be returned even if an error occurs, so check the error before relying on them.
type Config
type Config struct {
// contains filtered or unexported fields
}
Config specifies the parameters against which JWT tokens in requests are validated.
type PublicKey
type PublicKey []byte
PublicKey is one of Google's public keys used for JWT token validation.
type PublicKeys
PublicKeys is a map from key ID to PEM-encoded EC256 key.
func DecodePublicKeys
func DecodePublicKeys(r io.Reader) (PublicKeys, error)
DecodePublicKeys decodes all public keys from the given Reader.
func FetchPublicKeys
func FetchPublicKeys(httpClient *http.Client, url string) (PublicKeys, error)
FetchPublicKeys downloads and decodes all public keys from Google.
func ReadAllPublickeys
func ReadAllPublickeys(directory string) (PublicKeys, error)
ReadAllPublickeys reads all .pub files in the given directory, using the file name without the file extension as the key ID.