jwt

v0.0.0-...-6d0a6a1

This package is not in the latest version of its module.
Published: Feb 9, 2018 License: BSD-3-Clause Imports: 16 Imported by: 0

README

jwt

Package jwt implements tamper resistant message signing and verification using JSON Web Tokens.

Besides validating the signature, jwt also checks whether the exp and nbf claims are present and, when they are, validates them against the current time.

The header and claims maps are of type map[string]interface{}. That said, be mindful of the way encoding/json unmarshals into interface{} values. Notably, all JSON numbers are stored as float64.

Usage

Sign

t := jwt.New(jwt.HS256)
t.Claims["exp"] = time.Now().Add(24 * time.Hour).Unix()
token, err := t.Sign([]byte("secret"))

Verify with Known Key

t, err := jwt.Parse(jwt.HS256, token, []byte("secret"))

Verify with Key Func Callback

t, err := jwt.ParseWithKeyFunc(jwt.HS256, token, func(t *jwt.Token) ([]byte, error) {
  // optionally find the key using header, say t.Header["kid"]
  return []byte("secret"), nil
})

Documentation

Overview

Package jwt implements tamper resistant message signing and verification using JSON Web Tokens.

Index

Constants

This section is empty.

Variables

var (
	ErrSigner         = errors.New("jwt: invalid signer")
	ErrMalformed      = errors.New("jwt: incorrect token string format")
	ErrHeaderTyp      = errors.New("jwt: header does not contain valid typ")
	ErrHeaderAlg      = errors.New("jwt: header does not contain valid alg")
	ErrClaimExpired   = errors.New("jwt: current time must be before exp")
	ErrClaimNotBefore = errors.New("jwt: current time must be after nbf")
)

Token errors.

var (
	// HMAC
	HS256 = NewHMACSigner("HS256", crypto.SHA256)
	HS384 = NewHMACSigner("HS384", crypto.SHA384)
	HS512 = NewHMACSigner("HS512", crypto.SHA512)

	// RSA
	RS256 = NewRSASigner("RS256", crypto.SHA256)
	RS384 = NewRSASigner("RS384", crypto.SHA384)
	RS512 = NewRSASigner("RS512", crypto.SHA512)

	// ECDSA
	ES256 = NewECDSASigner("ES256", crypto.SHA256)
	ES384 = NewECDSASigner("ES384", crypto.SHA384)
	ES512 = NewECDSASigner("ES512", crypto.SHA512)
)

Signer implementations.

var (
	ErrHashUnavailable  = errors.New("jwt: hash unavailable")
	ErrInvalidSignature = errors.New("jwt: invalid signature")
)

Signer errors.

Functions

This section is empty.

Types

type ECDSASigner

type ECDSASigner struct {
	// contains filtered or unexported fields
}

ECDSASigner is a signer for ECDSA signatures.

func NewECDSASigner

func NewECDSASigner(name string, hash crypto.Hash) ECDSASigner

NewECDSASigner returns a new ECDSASigner.

func (ECDSASigner) Sign

func (e ECDSASigner) Sign(b, key []byte) ([]byte, error)

Sign returns the signature of the data. The key is expected to be a PEM-encoded ECDSA private key.

func (ECDSASigner) String

func (e ECDSASigner) String() string

String implements the fmt.Stringer interface.

func (ECDSASigner) Verify

func (e ECDSASigner) Verify(b, sig, key []byte) error

Verify returns an error if the signature is invalid. The key is expected to be a PEM-encoded ECDSA public key.

type HMACSigner

type HMACSigner struct {
	// contains filtered or unexported fields
}

HMACSigner is a signer for HMAC over the crypto.Hash interface.

func NewHMACSigner

func NewHMACSigner(name string, hash crypto.Hash) HMACSigner

NewHMACSigner returns a new HMACSigner.

func (HMACSigner) Sign

func (s HMACSigner) Sign(b, key []byte) ([]byte, error)

Sign returns the signature of the data.

func (HMACSigner) String

func (s HMACSigner) String() string

String implements the fmt.Stringer interface.

func (HMACSigner) Verify

func (s HMACSigner) Verify(b, sig, key []byte) error

Verify returns an error if the signature is invalid.

type RSASigner

type RSASigner struct {
	// contains filtered or unexported fields
}

RSASigner is a signer for RSA signatures.

func NewRSASigner

func NewRSASigner(name string, hash crypto.Hash) RSASigner

NewRSASigner returns a new RSASigner.

func (RSASigner) Sign

func (e RSASigner) Sign(b, key []byte) ([]byte, error)

Sign returns the signature of the data. The key is expected to be a PEM-encoded RSA private key.

func (RSASigner) String

func (e RSASigner) String() string

String implements the fmt.Stringer interface.

func (RSASigner) Verify

func (e RSASigner) Verify(b, sig, key []byte) error

Verify returns an error if the signature is invalid. The key is expected to be a PEM-encoded RSA public key.

type Signer

type Signer interface {
	// String is the algorithm name.
	fmt.Stringer

	// Sign returns the signature of the data.
	Sign(b, key []byte) ([]byte, error)

	// Verify returns an error if the signature is invalid.
	Verify(b, sig, key []byte) error
}

Signer is the interface that signs and verifies data.

type Token

type Token struct {
	Header map[string]interface{}
	Claims map[string]interface{}
	// contains filtered or unexported fields
}

Token represents a JWT token.

func New

func New(s Signer) *Token

New returns a new token.

func Parse

func Parse(s Signer, jwt string, key []byte) (*Token, error)

Parse validates jwt with key. Signer s is explicitly passed as attackers could otherwise control the choice of algorithm with the alg header that has not yet been verified.
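
The reason given above for passing the Signer explicitly, together with the README note that JSON numbers arrive as float64, shown as an added stand-alone example built on the Go standard library only (it is not this package's code and does not call it). The names sign and verifyHS256 are hypothetical, the key and tokens are constructed, and nbf would be checked like exp with the comparison reversed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var enc = base64.RawURLEncoding

// sign (hypothetical helper) returns the base64url HMAC-SHA256 of "header.claims".
func sign(msg string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return enc.EncodeToString(m.Sum(nil))
}

// verifyHS256 always computes HMAC-SHA256; the alg header never selects the algorithm.
func verifyHS256(token string, key []byte, now time.Time) (map[string]interface{}, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(sign(p[0]+"."+p[1], key))) { // constant-time
		return nil, errors.New("invalid signature")
	}
	var hdr, claims map[string]interface{}
	hb, errH := enc.DecodeString(p[0])
	cb, errC := enc.DecodeString(p[1])
	if errH != nil || errC != nil || json.Unmarshal(hb, &hdr) != nil ||
		json.Unmarshal(cb, &claims) != nil || hdr["alg"] != "HS256" {
		return nil, errors.New("bad header or claims")
	}
	// encoding/json stores every JSON number as float64; a non-numeric exp fails closed.
	if v, ok := claims["exp"]; ok {
		if exp, isNum := v.(float64); !isNum || now.Unix() >= int64(exp) {
			return nil, errors.New("expired or invalid exp")
		}
	}
	return claims, nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample key
	msg := enc.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + enc.EncodeToString([]byte(`{"exp":1700003600}`))
	fmt.Println(verifyHS256(msg+"."+sign(msg, key), key, time.Unix(1700000000, 0)))
}
```

A token whose header says "alg":"none" and carries an empty signature is rejected at the signature check, because the header is never consulted when choosing the algorithm.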

func ParseWithKeyFunc

func ParseWithKeyFunc(s Signer, jwt string, keyFn func(*Token) ([]byte, error)) (*Token, error)

ParseWithKeyFunc validates the provided jwt using the provided keyFn. This can be used in cases where the token header needs to be parsed to determine the full key.

func (*Token) Sign

func (t *Token) Sign(key []byte) (string, error)

Sign returns the signed token by serializing the token header and claims to JSON and using the configured signer to calculate the signature.
