jwtkms

package
v2.0.0-...-797e9f4

This package is not in the latest version of its module.

Published: Dec 14, 2022 License: MIT Imports: 14 Imported by: 0

Documentation

Overview

Package jwtkms provides an AWS KMS (Key Management Service) adapter to be used with the popular GoLang JWT library.

Importing this package will auto register the provided SigningMethods and make them available for use. Make sure to use a keyConfig with a keyId that provides the requested SigningMethod's algorithm for Sign/Verify.

By default, JWT signatures are verified locally against the public key of the KMS key, which is downloaded and cached. Set verifyWithKMS to true if you want KMS to verify the signature instead.
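The local verification path described above, for the ES256 case, as an added example that is not jwtkms's own code: it uses only the Go standard library and goes one step beyond the text by showing the signature conversion an adapter like this has to perform. It assumes what AWS documents for KMS, namely that ECDSA signatures and public keys come back DER-encoded, while JWS expects fixed-width R||S; the names derToJOSE, verifyES256 and roundTrip are hypothetical, and a locally generated key stands in for the KMS key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/asn1"
	"fmt"
	"math/big"
)

// derToJOSE turns a DER ECDSA signature into fixed-width R||S (size is 32 for ES256).
func derToJOSE(der []byte, size int) ([]byte, error) {
	var sig struct{ R, S *big.Int }
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil || len(rest) != 0 || sig.R.Sign() <= 0 || sig.S.Sign() <= 0 ||
		sig.R.BitLen() > 8*size || sig.S.BitLen() > 8*size {
		return nil, fmt.Errorf("malformed or out-of-range DER signature")
	}
	return append(sig.R.FillBytes(make([]byte, size)), sig.S.FillBytes(make([]byte, size))...), nil
}

// verifyES256 checks R||S against a cached DER public key and refuses any key that is not P-256.
func verifyES256(signingString string, joseSig, spkiDER []byte) error {
	pub, err := x509.ParsePKIXPublicKey(spkiDER)
	key, ok := pub.(*ecdsa.PublicKey) // comma-ok form is safe when pub is nil
	if err != nil || !ok || key.Curve != elliptic.P256() || len(joseSig) != 64 {
		return fmt.Errorf("key or signature does not fit ES256")
	}
	digest := sha256.Sum256([]byte(signingString))
	r, s := new(big.Int).SetBytes(joseSig[:32]), new(big.Int).SetBytes(joseSig[32:])
	if !ecdsa.Verify(key, digest[:], r, s) {
		return fmt.Errorf("signature invalid")
	}
	return nil
}

// roundTrip signs `signed` with a constructed local key (stand-in for KMS) and verifies `checked`.
func roundTrip(signed, checked string) error {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	spki, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey) // DER SubjectPublicKeyInfo
	digest := sha256.Sum256([]byte(signed))
	der, _ := ecdsa.SignASN1(rand.Reader, priv, digest[:]) // DER, like a KMS signature
	jose, _ := derToJOSE(der, 32)                          // errors ignored: constructed input
	return verifyES256(checked, jose, spki)
}

func main() { fmt.Println(roundTrip("header.payload", "header.payload")) }
```

The curve check in verifyES256 is the local counterpart of the advice above to pair each SigningMethod with a key of the matching algorithm.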

Constants

This section is empty.

Variables

var (
	SigningMethodECDSA256 *ECDSASigningMethod
	SigningMethodECDSA384 *ECDSASigningMethod
	SigningMethodECDSA512 *ECDSASigningMethod

	SigningMethodRS256 *RSASigningMethod
	SigningMethodRS384 *RSASigningMethod
	SigningMethodRS512 *RSASigningMethod
)

Functions

This section is empty.

Types

type Config

type Config struct {
	// contains filtered or unexported fields
}

Config is a struct to be passed to token signing/verification.

func NewKMSConfig

func NewKMSConfig(client KMSClient, keyID string, verify bool) *Config

NewKMSConfig creates a new Config with the specified parameters.

func (*Config) WithContext

func (c *Config) WithContext(ctx context.Context) *Config

WithContext returns a copy of Config with context.

type ECDSASigningMethod

type ECDSASigningMethod struct {
	// contains filtered or unexported fields
}

ECDSASigningMethod is an ECDSA implementation of the SigningMethod interface that uses KMS to Sign/Verify JWTs.

func (*ECDSASigningMethod) Alg

func (m *ECDSASigningMethod) Alg() string

func (*ECDSASigningMethod) Sign

func (m *ECDSASigningMethod) Sign(signingString string, keyConfig interface{}) (string, error)

func (*ECDSASigningMethod) Verify

func (m *ECDSASigningMethod) Verify(signingString, signature string, keyConfig interface{}) error

type KMSClient

type KMSClient interface {
	SignWithContext(aws.Context, *kms.SignInput, ...request.Option) (*kms.SignOutput, error)
	VerifyWithContext(aws.Context, *kms.VerifyInput, ...request.Option) (*kms.VerifyOutput, error)
	GetPublicKeyWithContext(aws.Context, *kms.GetPublicKeyInput, ...request.Option) (*kms.GetPublicKeyOutput, error)
}

KMSClient is the subset of `*kms.Client` functionality used when signing and verifying JWTs. It is an interface here so users do not need to depend on the full-sized `*kms.Client` object and can substitute their own implementation.

type RSASigningMethod

type RSASigningMethod struct {
	// contains filtered or unexported fields
}

RSASigningMethod is an RSA implementation of the SigningMethod interface that uses KMS to Sign/Verify JWTs.

func (*RSASigningMethod) Alg

func (m *RSASigningMethod) Alg() string

func (*RSASigningMethod) Sign

func (m *RSASigningMethod) Sign(signingString string, keyConfig interface{}) (string, error)

func (*RSASigningMethod) Verify

func (m *RSASigningMethod) Verify(signingString, signature string, keyConfig interface{}) error

Directories

Path Synopsis
internal
mockkms
Package mockkms provides a partial implementation of AWS' KMS interface sufficient to satisfy the KMSClient interface.
