Documentation ¶
Index ¶
- Constants
- Variables
- func GetAlgorithms() (algs []string)
- func RegisterSigningMethod(alg string, f func() SigningMethod)
- type SigningMethod
- type SigningMethodECDSA
- func (m *SigningMethodECDSA) Alg() string
- func (m *SigningMethodECDSA) Sign(signingString []byte, key interface{}) ([]byte, error)
- func (m *SigningMethodECDSA) SignHash(signingHash []byte, key interface{}) ([]byte, error)
- func (m *SigningMethodECDSA) Verify(signingString, signature []byte, key interface{}) error
- func (m *SigningMethodECDSA) VerifyHash(signingHash, signature []byte, key interface{}) error
- type ValidationError
Constants ¶
// Bit flags describing why a token failed parsing or validation. Each constant
// is a distinct power of two (1 << iota), and ValidationError.Errors is a
// bitfield of them, so more than one flag can be set on a single error. Test
// for a flag with a bitwise AND (Errors&ValidationErrorExpired != 0), not ==.
// The order of the constants fixes their numeric values; do not reorder them.
const (
	ValidationErrorMalformed        uint32 = 1 << iota // Token is malformed
	ValidationErrorUnverifiable                        // Token could not be verified because of signing problems
	ValidationErrorSignatureInvalid                    // Signature validation failed

	// Standard Claim validation errors
	ValidationErrorAudience      // AUD validation failed
	ValidationErrorExpired       // EXP validation failed
	ValidationErrorIssuedAt      // IAT validation failed
	ValidationErrorIssuer        // ISS validation failed
	ValidationErrorNotValidYet   // NBF validation failed
	ValidationErrorId            // JTI validation failed
	ValidationErrorClaimsInvalid // Generic claims validation error
)
The errors that might occur when parsing and validating a token
Variables ¶
// Sentinel errors for problems with the key handed to a signing method.
var (
	// ErrInvalidKey reports that the supplied key is invalid.
	ErrInvalidKey = errors.New("key is invalid")
	// ErrInvalidKeyType reports that the supplied key has the wrong Go type.
	ErrInvalidKeyType = errors.New("key is of invalid type")
)

// Sentinel errors for problems with the token itself. Match them with
// errors.Is rather than by comparing message strings.
var (
	// ErrTokenMalformed reports a token that could not be parsed.
	ErrTokenMalformed = errors.New("token is malformed")
	// ErrTokenUnverifiable reports a token that could not be verified.
	ErrTokenUnverifiable = errors.New("token is unverifiable")
	// ErrTokenSignatureInvalid reports a failed signature check.
	ErrTokenSignatureInvalid = errors.New("token signature is invalid")

	// ErrTokenInvalidAudience reports an invalid audience.
	ErrTokenInvalidAudience = errors.New("token has invalid audience")
	// ErrTokenExpired reports an expired token.
	ErrTokenExpired = errors.New("token is expired")
	// ErrTokenUsedBeforeIssued reports a token used before it was issued.
	ErrTokenUsedBeforeIssued = errors.New("token used before issued")
	// ErrTokenInvalidIssuer reports an invalid issuer.
	ErrTokenInvalidIssuer = errors.New("token has invalid issuer")
	// ErrTokenNotValidYet reports a token that is not valid yet.
	ErrTokenNotValidYet = errors.New("token is not valid yet")
	// ErrTokenInvalidId reports an invalid token id.
	ErrTokenInvalidId = errors.New("token has invalid id")
	// ErrTokenInvalidClaims reports invalid claims.
	ErrTokenInvalidClaims = errors.New("token has invalid claims")
)
Error constants
// ErrECDSAVerification is this package's own ECDSA verification error.
// crypto/ecdsa does not export one the way crypto/rsa does, so it is
// defined here instead.
var ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")
Functions ¶
func GetAlgorithms ¶
func GetAlgorithms() (algs []string)
GetAlgorithms returns a list of registered "alg" names
func RegisterSigningMethod ¶
func RegisterSigningMethod(alg string, f func() SigningMethod)
RegisterSigningMethod registers the "alg" name and a factory function for the signing method. This is typically done during init() in the method's implementation.
Types ¶
type SigningMethod ¶
// SigningMethod is the contract a signing algorithm implements so that it can
// sign and verify tokens. key is untyped (interface{}); each implementation
// decides which concrete key types it accepts.
type SigningMethod interface {
	// Alg returns the alg identifier for this method (example: 'HS256').
	Alg() string

	// Sign returns the encoded signature for signingString, or an error.
	Sign(signingString []byte, key interface{}) ([]byte, error)

	// SignHash returns the encoded signature, or an error.
	// NOTE(review): presumably signingHash is an already-computed digest of
	// the signing string; confirm which hash and length are expected.
	SignHash(signingHash []byte, key interface{}) ([]byte, error)

	// Verify returns nil if signature is valid for signingString.
	Verify(signingString, signature []byte, key interface{}) error

	// VerifyHash returns nil if signature is valid.
	// NOTE(review): presumably signingHash is an already-computed digest; the
	// caller would then be responsible for having hashed the right input.
	VerifyHash(signingHash, signature []byte, key interface{}) error
}
SigningMethod can be used to add new methods for signing or verifying tokens.
func GetSigningMethod ¶
func GetSigningMethod(alg string) (method SigningMethod)
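GetSigningMethod retrieves a signing method from an "alg" string. When that string is taken from a token header it is untrusted input, so verification code should still confirm that the returned method is one it expects for the key in use.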
type SigningMethodECDSA ¶
SigningMethodECDSA implements the ECDSA family of signing methods. Expects *ecdsa.PrivateKey for signing and *ecdsa.PublicKey for verification
// SigningMethodES256 is the package-level ES256 instance.
var SigningMethodES256 *SigningMethodECDSA

// SigningMethodES384 is the package-level ES384 instance.
var SigningMethodES384 *SigningMethodECDSA

// SigningMethodES512 is the package-level ES512 instance.
var SigningMethodES512 *SigningMethodECDSA
Specific instances for ES256, ES384 and ES512
func (*SigningMethodECDSA) Alg ¶
func (m *SigningMethodECDSA) Alg() string
func (*SigningMethodECDSA) Sign ¶
func (m *SigningMethodECDSA) Sign(signingString []byte, key interface{}) ([]byte, error)
Sign implements token signing for the SigningMethod. For this signing method, key must be an *ecdsa.PrivateKey.
func (*SigningMethodECDSA) SignHash ¶
func (m *SigningMethodECDSA) SignHash(signingHash []byte, key interface{}) ([]byte, error)
func (*SigningMethodECDSA) Verify ¶
func (m *SigningMethodECDSA) Verify(signingString, signature []byte, key interface{}) error
Verify implements token verification for the SigningMethod. For this verify method, key must be an *ecdsa.PublicKey.
func (*SigningMethodECDSA) VerifyHash ¶
func (m *SigningMethodECDSA) VerifyHash(signingHash, signature []byte, key interface{}) error
type ValidationError ¶
// ValidationError carries the reason a token was rejected. Only the exported
// fields are shown here; the type also has filtered or unexported fields.
type ValidationError struct {
	// Inner is exposed to errors.Is and errors.As through Unwrap.
	Inner error // stores the error returned by external dependencies, i.e.: KeyFunc
	// Errors can have more than one flag set; test individual flags with a
	// bitwise AND rather than comparing the whole value.
	Errors uint32 // bitfield. see ValidationError... constants
	// contains filtered or unexported fields
}
ValidationError represents an error from Parse if token is not valid
func NewValidationError ¶
func NewValidationError(errorText string, errorFlags uint32) *ValidationError
NewValidationError is a helper for constructing a ValidationError with a string error message
func (ValidationError) Error ¶
func (e ValidationError) Error() string
Error is the implementation of the error interface.
func (*ValidationError) Is ¶
func (e *ValidationError) Is(err error) bool
Is checks if this ValidationError matches the supplied error. We first check for the exact error message by comparing the inner error message. If that fails, we compare using the error flags. This way we can use custom error messages (mainly for backwards compatibility) and still leverage errors.Is using the global error variables.
func (*ValidationError) Unwrap ¶
func (e *ValidationError) Unwrap() error
Unwrap gives errors.Is and errors.As access to the inner error.