jwt

package module
v0.0.0-...-d4b35dc Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2016 License: MIT Imports: 11 Imported by: 0

README

jwt


JSON Web Token (JWT) implementation for Go. Inspired by https://github.com/auth0/node-jsonwebtoken.

Installation

go get -u github.com/DavidCai1993/jwt

Documentation

API documentation can be found here: https://godoc.org/github.com/DavidCai1993/jwt

Usage

Sign:
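payload := map[string]interface{}{"foo": "bar"}

// Sign with the default algorithm (HMAC SHA256). "secret" is a placeholder:
// a real HMAC key should be long, random and loaded from configuration.
token, err = jwt.Sign(payload, "secret", nil)
if err != nil {
  return // signing failed: token must not be used
}

// Sign a JWT whose TTL is 10s.
token, err = jwt.Sign(payload, "secret", &jwt.SignOption{
  ExpiresIn: 10 * time.Second,
})
if err != nil {
  return // signing failed: token must not be used
}

// 1024-bit RSA keys are no longer considered adequate for signatures, so
// generate at least 2048 bits, and check the error instead of discarding it.
privateKey, keyErr := rsa.GenerateKey(rand.Reader, 2048)
if keyErr != nil {
  return // no key, nothing to sign with
}

// Sign with RSA SHA256.
token, err = jwt.Sign(payload, privateKey, &jwt.SignOption{
  Algorithm: jwt.RS256,
})
if err != nil {
  return // signing failed: token must not be used
}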
Verify:
// Verify a token symmetric
header, payload, err = jwt.Verify(token, "secret", nil)

// Verify audience
header, payload, err = jwt.Verify(token, "secret", &jwt.VerifyOption{
  Audience: "fooAud",
})

// Verify issuer
header, payload, err = jwt.Verify(token, "secret", &jwt.VerifyOption{
  Issuer: "fooIss",
})

// Verify subject and expiration
header, payload, err = jwt.Verify(token, "secret", &jwt.VerifyOption{
  Subject:        "fooSub",
  ClockTolerance: 15 * time.Second,
})

Documentation


Constants

This section is empty.

Variables

// Sentinel errors of the package. Each one is a distinct value created with
// errors.New, so a caller can compare a returned error against it to tell
// why Sign or Verify refused its input.
var (
	// ErrEmptyPayload is returned when the payload given to Sign is empty.
	ErrEmptyPayload = errors.New("jwt: empty payload")
	// ErrEmptySecretOrPrivateKey is returned when the secret or private key
	// given is empty.
	ErrEmptySecretOrPrivateKey = errors.New("jwt: empty secret or private key")
	// ErrInvalidKeyType is returned when the type of the given key is wrong.
	ErrInvalidKeyType = errors.New("jwt: invalid key")
	// ErrInvalidSignature is returned when the given signature is invalid.
	// A token that produces this error must be treated as untrusted.
	ErrInvalidSignature = errors.New("jwt: invalid signature")
	// ErrInvalidHeaderType is returned when the header's "typ" entry is
	// missing or is not "JWT".
	ErrInvalidHeaderType = errors.New("jwt: invalid header type")
	// ErrInvalidToken is returned when the token does not have the form
	// "XXX.XXX.XXX".
	ErrInvalidToken = errors.New("jwt: invalid token")
	// ErrInvalidAlgorithm is returned when the algorithm is not supported.
	ErrInvalidAlgorithm = errors.New("jwt: invalid algorithm")
	// ErrInvalidReservedClaim is returned when a reserved claim does not match
	// the value given in VerifyOption.
	ErrInvalidReservedClaim = errors.New("jwt: invalid reserved claim")
	// ErrPayloadMissingIat is returned when the payload is missing "iat".
	ErrPayloadMissingIat = errors.New("jwt: payload missing iat")
	// ErrPayloadMissingExp is returned when the payload is missing "exp".
	ErrPayloadMissingExp = errors.New("jwt: payload missing exp")
	// ErrTokenExpired is returned when the token is expired.
	ErrTokenExpired = errors.New("jwt: token expired")
)

Functions

func Sign

func Sign(payload Payload, secretOrPrivateKey interface{}, opt *SignOption) (token []byte, err error)

Sign signs the given payload with the given secret or private key and returns the resulting JSON Web Token. When using an HMAC algorithm, secretOrPrivateKey's type should be string or []byte; when using an RSA algorithm, its type should be rsa.PrivateKey (the example below passes the *rsa.PrivateKey returned by rsa.GenerateKey). If the opt given is nil, the default HS256 algorithm is used.

Example
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"time"

	"github.com/DavidCai1993/jwt"
)

// Package-level so that main can assign to them with "=" on every call.
var (
	// token receives the result of each jwt.Sign call in main.
	token []byte
	// err receives the error of each jwt.Sign call in main.
	err   error
)

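// main shows three ways of calling jwt.Sign: with the default HS256
// algorithm, with a time to live, and with RS256 and a freshly generated RSA
// key. It assigns to the package-level token and err variables and stops at
// the first error, so a token is never used after a failed call.
func main() {
	payload := map[string]interface{}{"foo": "bar"}

	// Sign with default (HMAC SHA256). "secret" is a placeholder: a real
	// HMAC key should be long, random and loaded from configuration.
	token, err = jwt.Sign(payload, "secret", nil)
	if err != nil {
		return // signing failed: token must not be used
	}

	// Sign a JWT whose TTL is 10s.
	token, err = jwt.Sign(payload, "secret", &jwt.SignOption{
		ExpiresIn: 10 * time.Second,
	})
	if err != nil {
		return // signing failed: token must not be used
	}

	// 1024-bit RSA keys are no longer considered adequate for signatures, so
	// generate at least 2048 bits, and check the error instead of
	// discarding it. keyErr avoids shadowing the package-level err.
	privateKey, keyErr := rsa.GenerateKey(rand.Reader, 2048)
	if keyErr != nil {
		return // no key, nothing to sign with
	}

	// Sign with RSA SHA256.
	token, err = jwt.Sign(payload, privateKey, &jwt.SignOption{
		Algorithm: jwt.RS256,
	})
	if err != nil {
		return // signing failed: token must not be used
	}
}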
Output:

func Verify

func Verify(token []byte, secretOrPrivateKey interface{}, opt *VerifyOption) (header Header, payload Payload, err error)

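Verify returns the decoded header and payload if the signature and the optional expiration, audience, issuer and subject checks are valid. When using an HMAC algorithm, secretOrPrivateKey's type should be string or []byte; when using an RSA algorithm, its type should be rsa.PrivateKey. If the opt given is nil, the default HS256 algorithm is used. The returned header and payload should be used only when err is nil. Note that, as documented here, RSA verification is given the private key, so any service that verifies tokens would also hold the key that can sign them.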

Example
package main

import (
	"time"

	"github.com/DavidCai1993/jwt"
)

// Package-level so that main can assign to them with "=" on every call.
var (
	// token is the JWT to verify. Nothing in this example assigns it, so it
	// stays at its zero value; a real caller passes the token it received.
	token   []byte
	// err receives the error of each jwt.Verify call in main.
	err     error
	// header and payload receive the decoded parts returned by jwt.Verify.
	header  jwt.Header
	payload jwt.Payload
)

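// main shows jwt.Verify with the default options and with audience, issuer,
// subject and clock-tolerance checks. It assigns to the package-level header,
// payload and err variables and stops at the first error: header and payload
// are only meaningful when err is nil.
func main() {
	// Verify a token with a symmetric (HMAC) secret. "secret" is a
	// placeholder; it must be the same key the token was signed with.
	// NOTE(review): token is never assigned in this listing, so this first
	// call presumably reports an error here.
	header, payload, err = jwt.Verify(token, "secret", nil)
	if err != nil {
		return // verification failed: do not use header or payload
	}

	// Verify audience
	header, payload, err = jwt.Verify(token, "secret", &jwt.VerifyOption{
		Audience: "fooAud",
	})
	if err != nil {
		return // verification failed: do not use header or payload
	}

	// Verify issuer
	header, payload, err = jwt.Verify(token, "secret", &jwt.VerifyOption{
		Issuer: "fooIss",
	})
	if err != nil {
		return // verification failed: do not use header or payload
	}

	// Verify subject and expiration. ClockTolerance is the leeway allowed
	// when checking expiration; keep it small.
	header, payload, err = jwt.Verify(token, "secret", &jwt.VerifyOption{
		Subject:        "fooSub",
		ClockTolerance: 15 * time.Second,
	})
	if err != nil {
		return // verification failed: do not use header or payload
	}
}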
Output:

Types

type Algorithm

// Algorithm names the algorithm used to sign or verify a token. The values
// this page defines are the HS* (HMAC) and RS* (RSA) constants.
type Algorithm string

Algorithm identifies one of the supported signing algorithms (HMAC or RSA with a SHA-2 hash).

// Supported algorithms. The HS* values are HMAC algorithms, for which the
// README uses the same secret to sign and to verify; the RS* values are RSA
// signature algorithms. The string values are the standard JWS "alg" names.
const (
	// HS256 represents HMAC using SHA-256 hash algorithm.
	HS256 Algorithm = "HS256"
	// HS384 represents HMAC using SHA-384 hash algorithm.
	HS384 Algorithm = "HS384"
	// HS512 represents HMAC using SHA-512 hash algorithm.
	HS512 Algorithm = "HS512"
	// RS256 represents RSASSA using SHA-256 hash algorithm.
	RS256 Algorithm = "RS256"
	// RS384 represents RSASSA using SHA-384 hash algorithm.
	RS384 Algorithm = "RS384"
	// RS512 represents RSASSA using SHA-512 hash algorithm.
	RS512 Algorithm = "RS512"
)
// Header is the decoded JWT header as returned by Verify. Its values come
// from the token itself, so read them only after Verify returned a nil error.
type Header map[string]interface{}

Header represents a JWT header.

type Payload

// Payload is the set of claims passed to Sign and returned by Verify.
// The algorithms listed on this page only sign; nothing shown here encrypts
// the payload, so it should not carry secrets.
type Payload map[string]interface{}

Payload represents a JWT payload.

type SignOption

// SignOption holds the optional settings of Sign. Per Sign's documentation,
// passing a nil *SignOption selects HS256.
type SignOption struct {
	// Algorithm selects the signing algorithm (one of the HS*/RS* constants).
	// NOTE(review): the README sets only ExpiresIn and calls that HMAC
	// signing, so a zero Algorithm presumably also means HS256 — confirm.
	Algorithm Algorithm
	// ExpiresIn is the token's time to live; the README uses it to sign a
	// token whose TTL is 10s.
	ExpiresIn time.Duration
	// Audience, Issuer and Subject presumably populate the token's reserved
	// audience, issuer and subject claims, which VerifyOption can later
	// check — confirm against Sign.
	Audience  string
	Issuer    string
	Subject   string
	// Header is the customized header which will be merged to token's header.
	// NOTE(review): whether entries here can override the header's "typ" or
	// algorithm fields is not visible on this page — confirm before passing
	// caller-controlled values.
	Header Header
}

SignOption represents the options of Sign.

type VerifyOption

// VerifyOption holds the optional checks of Verify. Per Verify's
// documentation, passing a nil *VerifyOption selects HS256.
type VerifyOption struct {
	// Algorithm is the algorithm to verify with.
	// NOTE(review): confirm that Verify enforces this value rather than
	// trusting the algorithm named in the token's own header.
	Algorithm Algorithm
	// Issuer, Audience and Subject are the expected values of the
	// corresponding reserved claims; a mismatch is reported as
	// ErrInvalidReservedClaim. The README sets only the ones it wants
	// checked, so an empty string presumably skips that check — confirm.
	Issuer    string
	Audience  string
	Subject   string
	// IngoreExpiration (spelled this way in the API) specifies whether to
	// validate the expiration of the token. Judging by the name, true
	// presumably skips the check — confirm against Verify — so leave it
	// false unless expired tokens must be accepted.
	IngoreExpiration bool
	// ClockTolerance specifies the time duration to tolerate when
	// checking the expiration of the token. It extends how long an expired
	// token is still accepted, so keep it small.
	ClockTolerance time.Duration
}

VerifyOption represents the options of Verify.
