The highest tagged major version is v5.

jwt

package module

v2.0.0 Latest Latest Go to latest Published: May 7, 2020 License: MIT Imports: 16 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cristalhq/jwt

Links

Open Source Insights

README ¶

jwt

JSON Web Tokens for Go

Features

Simple API.
Optimized for speed.
Dependency-free.

Install

Go version 1.13

go get github.com/cristalhq/jwt

Example

key := []byte(`secret`)
signer, errSigner := jwt.NewHS256(key)
builder := jwt.NewBuilder(signer)

claims := &jwt.StandardClaims{
    Audience: []string{"admin"},
    ID:       "random-unique-string",
}
token, errBuild := builder.Build(claims)

raw := token.Raw() // JWT signed token

errVerify := signer.Verify(token.Payload(), token.Signature())

Also see examples: build, parse.

Documentation

See these docs.

License

MIT License.

Documentation ¶

Index ¶

Constants
func BuildBytes(signer Signer, claims interface{}) ([]byte, error)
type Algorithm
type Audience
- func (a Audience) MarshalJSON() ([]byte, error)
- func (a *Audience) UnmarshalJSON(b []byte) error
type Builder
- func NewBuilder(signer Signer) *Builder
- func (b *Builder) Build(claims interface{}) (*Token, error)
- func (b *Builder) BuildBytes(claims interface{}) ([]byte, error)
type Error
- func (e Error) Error() string
type Header
- func (h *Header) MarshalJSON() (data []byte, err error)
type NumericDate
- func NewNumericDate(t time.Time) *NumericDate
- func (t NumericDate) MarshalJSON() ([]byte, error)
- func (t *NumericDate) UnmarshalJSON(data []byte) error
type Signer
- func NewSignerES(alg Algorithm, key *ecdsa.PrivateKey) (Signer, error)
- func NewSignerEdDSA(key ed25519.PrivateKey) (Signer, error)
- func NewSignerHS(alg Algorithm, key []byte) (Signer, error)
- func NewSignerPS(alg Algorithm, key *rsa.PrivateKey) (Signer, error)
- func NewSignerRS(alg Algorithm, key *rsa.PrivateKey) (Signer, error)
type StandardClaims
- func (sc *StandardClaims) IsForAudience(audience string) bool
- func (sc *StandardClaims) IsID(id string) bool
- func (sc *StandardClaims) IsIssuer(issuer string) bool
- func (sc *StandardClaims) IsSubject(subject string) bool
- func (sc *StandardClaims) IsValidAt(now time.Time) bool
- func (sc *StandardClaims) IsValidExpiresAt(now time.Time) bool
- func (sc *StandardClaims) IsValidIssuedAt(now time.Time) bool
- func (sc *StandardClaims) IsValidNotBefore(now time.Time) bool
type Token
- func Build(signer Signer, claims interface{}) (*Token, error)
- func Parse(raw []byte) (*Token, error)
- func ParseAndVerify(raw []byte, verifier Verifier) (*Token, error)
- func ParseAndVerifyString(raw string, verifier Verifier) (*Token, error)
- func ParseString(raw string) (*Token, error)
- func (t *Token) Header() Header
- func (t *Token) Payload() []byte
- func (t *Token) Raw() []byte
- func (t *Token) RawClaims() []byte
- func (t *Token) RawHeader() []byte
- func (t *Token) SecureString() string
- func (t *Token) Signature() []byte
- func (t *Token) String() string
type Verifier
- func NewVerifierES(alg Algorithm, key *ecdsa.PublicKey) (Verifier, error)
- func NewVerifierEdDSA(key ed25519.PublicKey) (Verifier, error)
- func NewVerifierHS(alg Algorithm, key []byte) (Verifier, error)
- func NewVerifierPS(alg Algorithm, key *rsa.PublicKey) (Verifier, error)
- func NewVerifierRS(alg Algorithm, key *rsa.PublicKey) (Verifier, error)

Constants ¶

View Source

const (
	// ErrInvalidKey indicates that key is not valid.
	ErrInvalidKey = Error("jwt: key is not valid")

	// ErrUnsupportedAlg indicates that given algorithm is not supported.
	ErrUnsupportedAlg = Error("jwt: algorithm is not supported")

	// ErrInvalidFormat indicates that token format is not valid.
	ErrInvalidFormat = Error("jwt: token format is not valid")

	// ErrAudienceInvalidFormat indicates that audience format is not valid.
	ErrAudienceInvalidFormat = Error("jwt: audience format is not valid")

	// ErrDateInvalidFormat indicates that date format is not valid.
	ErrDateInvalidFormat = Error("jwt: date is not valid")

	// ErrAlgorithmMismatch indicates that token is signed by another algorithm.
	ErrAlgorithmMismatch = Error("jwt: token is signed by another algorithm")

	// ErrInvalidSignature indicates that signature is not valid.
	ErrInvalidSignature = Error("jwt: signature is not valid")
)

Build and parse errors.

Variables ¶

This section is empty.

Functions ¶

func BuildBytes ¶

func BuildBytes(signer Signer, claims interface{}) ([]byte, error)

BuildBytes is used to create and encode JWT with a provided claims.

Types ¶

type Algorithm ¶

type Algorithm string

Algorithm for signing and verifying.

const (
	EdDSA Algorithm = "EdDSA"

	HS256 Algorithm = "HS256"
	HS384 Algorithm = "HS384"
	HS512 Algorithm = "HS512"

	RS256 Algorithm = "RS256"
	RS384 Algorithm = "RS384"
	RS512 Algorithm = "RS512"

	ES256 Algorithm = "ES256"
	ES384 Algorithm = "ES384"
	ES512 Algorithm = "ES512"

	PS256 Algorithm = "PS256"
	PS384 Algorithm = "PS384"
	PS512 Algorithm = "PS512"
)

Algorithm names for signing and verifying.

type Audience ¶

type Audience []string

Audience is a special claim that be a single string or an array of strings see RFC 7519.

func (Audience) MarshalJSON ¶

func (a Audience) MarshalJSON() ([]byte, error)

MarshalJSON implements a marshaling function for "aud" claim.

func (*Audience) UnmarshalJSON ¶

func (a *Audience) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler interface.

type Builder ¶

type Builder struct {
	// contains filtered or unexported fields
}

Builder is used to create a new token.

func NewBuilder ¶

func NewBuilder(signer Signer) *Builder

NewBuilder returns new instance of Builder.

func (*Builder) Build ¶

func (b *Builder) Build(claims interface{}) (*Token, error)

Build used to create and encode JWT with a provided claims.

func (*Builder) BuildBytes ¶

func (b *Builder) BuildBytes(claims interface{}) ([]byte, error)

BuildBytes used to create and encode JWT with a provided claims.

type Error ¶

type Error string

Error represents a JWT error.

func (Error) Error ¶

func (e Error) Error() string

type Header ¶

type Header struct {
	Algorithm   Algorithm `json:"alg"`
	Type        string    `json:"typ,omitempty"` // only "JWT" can be here
	ContentType string    `json:"cty,omitempty"`
}

Header representa JWT header data. See: https://tools.ietf.org/html/rfc7519#section-5

func (h *Header) MarshalJSON() (data []byte, err error)

MarshalJSON implements the json.Marshaler interface.

type NumericDate ¶

type NumericDate struct {
	time.Time
}

NumericDate represents date for StandardClaims See: https://tools.ietf.org/html/rfc7519#section-2

func NewNumericDate ¶

func NewNumericDate(t time.Time) *NumericDate

NewNumericDate creates a new NumericDate value from time.Time.

func (NumericDate) MarshalJSON ¶

func (t NumericDate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.

func (*NumericDate) UnmarshalJSON ¶

func (t *NumericDate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type Signer ¶

type Signer interface {
	Algorithm() Algorithm
	Sign(payload []byte) ([]byte, error)
}

Signer is used to sign tokens.

func NewSignerES ¶

func NewSignerES(alg Algorithm, key *ecdsa.PrivateKey) (Signer, error)

NewSignerES returns a new ECDSA-based signer.

func NewSignerEdDSA ¶

func NewSignerEdDSA(key ed25519.PrivateKey) (Signer, error)

NewSignerEdDSA returns a new ed25519-based signer.

func NewSignerHS ¶

func NewSignerHS(alg Algorithm, key []byte) (Signer, error)

NewSignerHS returns a new HMAC-based signer.

func NewSignerPS ¶

func NewSignerPS(alg Algorithm, key *rsa.PrivateKey) (Signer, error)

NewSignerPS returns a new RSA-PSS-based signer.

func NewSignerRS ¶

func NewSignerRS(alg Algorithm, key *rsa.PrivateKey) (Signer, error)

NewSignerRS returns a new RSA-based signer.

type StandardClaims ¶

type StandardClaims struct {
	// ID claim provides a unique identifier for the JWT.
	ID string `json:"jti,omitempty"`

	// Audience claim identifies the recipients that the JWT is intended for.
	Audience Audience `json:"aud,omitempty"`

	// Issuer claim identifies the principal that issued the JWT.
	// Use of this claim is OPTIONAL.
	Issuer string `json:"iss,omitempty"`

	// Subject claim identifies the principal that is the subject of the JWT.
	// Use of this claim is OPTIONAL.
	Subject string `json:"sub,omitempty"`

	// ExpiresAt claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.
	// Use of this claim is OPTIONAL.
	ExpiresAt *NumericDate `json:"exp,omitempty"`

	// IssuedAt claim identifies the time at which the JWT was issued.
	// This claim can be used to determine the age of the JWT.
	// Use of this claim is OPTIONAL.
	IssuedAt *NumericDate `json:"iat,omitempty"`

	// NotBefore claim identifies the time before which the JWT MUST NOT be accepted for processing.
	// Use of this claim is OPTIONAL.
	NotBefore *NumericDate `json:"nbf,omitempty"`
}

StandardClaims represents claims for JWT. See: https://tools.ietf.org/html/rfc7519#section-4.1

func (*StandardClaims) IsForAudience ¶

func (sc *StandardClaims) IsForAudience(audience string) bool

IsForAudience reports whether token has a given audience.

func (*StandardClaims) IsID ¶

func (sc *StandardClaims) IsID(id string) bool

IsID reports whether token has a given id.

func (*StandardClaims) IsIssuer ¶

func (sc *StandardClaims) IsIssuer(issuer string) bool

IsIssuer reports whether token has a given issuer.

func (*StandardClaims) IsSubject ¶

func (sc *StandardClaims) IsSubject(subject string) bool

IsSubject reports whether token has a given subject.

func (*StandardClaims) IsValidAt ¶

func (sc *StandardClaims) IsValidAt(now time.Time) bool

IsValidAt reports whether a token is valid at a given time.

func (*StandardClaims) IsValidExpiresAt ¶

func (sc *StandardClaims) IsValidExpiresAt(now time.Time) bool

IsValidExpiresAt reports whether a token isn't expired at a given time.

func (*StandardClaims) IsValidIssuedAt ¶

func (sc *StandardClaims) IsValidIssuedAt(now time.Time) bool

IsValidIssuedAt reports whether a token was created before a given time.

func (*StandardClaims) IsValidNotBefore ¶

func (sc *StandardClaims) IsValidNotBefore(now time.Time) bool

IsValidNotBefore reports whether a token isn't used before a given time.

type Token ¶

type Token struct {
	// contains filtered or unexported fields
}

Token represents a JWT token. See: https://tools.ietf.org/html/rfc7519

func Build ¶

func Build(signer Signer, claims interface{}) (*Token, error)

Build is used to create and encode JWT with a provided claims.

func Parse ¶

func Parse(raw []byte) (*Token, error)

Parse decodes a token from a raw bytes.

func ParseAndVerify ¶

func ParseAndVerify(raw []byte, verifier Verifier) (*Token, error)

ParseAndVerify decodes a token and verifies it's signature.

func ParseAndVerifyString ¶

func ParseAndVerifyString(raw string, verifier Verifier) (*Token, error)

ParseAndVerifyString decodes a token and verifies it's signature.

func ParseString ¶

func ParseString(raw string) (*Token, error)

ParseString decodes a token.

func (t *Token) Header() Header

Header returns token's header.

func (*Token) Payload ¶

func (t *Token) Payload() []byte

Payload returns token's payload.

func (*Token) Raw ¶

func (t *Token) Raw() []byte

Raw returns token's raw bytes.

func (*Token) RawClaims ¶

func (t *Token) RawClaims() []byte

RawClaims returns token's claims as a raw bytes.

func (*Token) RawHeader ¶

func (t *Token) RawHeader() []byte

RawHeader returns token's header raw bytes.

func (*Token) SecureString ¶

func (t *Token) SecureString() string

SecureString returns token without a signature (replaced with `.<signature>`).

func (*Token) Signature ¶

func (t *Token) Signature() []byte

Signature returns token's signature.

func (*Token) String ¶

func (t *Token) String() string

type Verifier ¶

type Verifier interface {
	Algorithm() Algorithm
	Verify(payload, signature []byte) error
}

Verifier is used to verify tokens.

func NewVerifierES ¶

func NewVerifierES(alg Algorithm, key *ecdsa.PublicKey) (Verifier, error)

NewVerifierES returns a new ECDSA-based verifier.

func NewVerifierEdDSA ¶

func NewVerifierEdDSA(key ed25519.PublicKey) (Verifier, error)

NewVerifierEdDSA returns a new ed25519-based verifier.

func NewVerifierHS ¶

func NewVerifierHS(alg Algorithm, key []byte) (Verifier, error)

NewVerifierHS returns a new HMAC-based verifier.

func NewVerifierPS ¶

func NewVerifierPS(alg Algorithm, key *rsa.PublicKey) (Verifier, error)

NewVerifierPS returns a new RSA-PSS-based signer.

func NewVerifierRS ¶

func NewVerifierRS(alg Algorithm, key *rsa.PublicKey) (Verifier, error)

NewVerifierRS returns a new RSA-based verifier.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL