dpopjwt

package
Published: Feb 29, 2024 License: MIT Imports: 21 Imported by: 3

Documentation


Constants

This section is empty.

Variables

var (
	// ErrNilKey indicates that the supplied key is nil.
	ErrNilKey = errors.New("key is nil")

	// ErrInvalidKey indicates that the supplied key is not valid.
	ErrInvalidKey = errors.New("key is not valid")

	// ErrUnsupportedAlg indicates that the given algorithm is not supported
	// (ES256 is the only algorithm this package declares).
	ErrUnsupportedAlg = errors.New("algorithm is not supported")

	// ErrNotJWTType indicates that the token's typ header is not JWT.
	//
	// Deprecated: leftover after a wrong feature, kept only for backward
	// compatibility. A DPoP proof uses typ "dpop+jwt" (RFC 9449 §4.2), so new
	// code should not rely on this error.
	ErrNotJWTType = errors.New("token of not JWT type")

	// ErrInvalidFormat indicates that the token format is not valid.
	ErrInvalidFormat = errors.New("token format is not valid")

	// ErrAudienceInvalidFormat indicates that the audience ("aud") claim
	// format is not valid.
	ErrAudienceInvalidFormat = errors.New("audience format is not valid")

	// ErrDateInvalidFormat indicates that a date claim could not be parsed.
	// Note that the message text is "date is not valid", not "date format".
	ErrDateInvalidFormat = errors.New("date is not valid")

	// ErrAlgorithmMismatch indicates that the token is signed by another
	// algorithm than the verifier's. Treat this as a hard verification
	// failure: it is the guard against algorithm confusion, where a token's
	// alg header names a different algorithm than the key was provisioned for.
	ErrAlgorithmMismatch = errors.New("token is signed by another algorithm")

	// ErrInvalidSignature indicates that the signature is not valid.
	ErrInvalidSignature = errors.New("signature is not valid")

	// ErrUninitializedToken indicates that the token was not created with
	// Parse (or another constructor) and therefore cannot be used.
	ErrUninitializedToken = errors.New("token was not initialized")
)

JWT sign, verify, build and parse errors.

Functions

func CheckNonce

func CheckNonce(nonce string) (bool, error)

func GenerateNonce

func GenerateNonce(length int) string

func GenerateRandomBits

func GenerateRandomBits(bits int) ([]byte, error)

GenerateRandomBits returns a random byte slice of the given length in bits, intended as key material. The randomness source is not shown on this page; confirm it is crypto/rand (not math/rand) before using the output as a key.

func Jkt

func Jkt(jwk JWK) (string, error)

func ParseClaims

func ParseClaims(raw []byte, verifier Verifier, claims any) error

ParseClaims decodes a token's claims into claims and verifies its signature with verifier.

Types

type Algorithm

// Algorithm identifies the JWS algorithm used for signing and verifying.
// ES256 is the only value this package declares.
type Algorithm string

Algorithm for signing and verifying.

// Algorithm names for signing and verifying. Only ECDSA P-256 with SHA-256
// (ES256) is provided; symmetric and "none" algorithms are deliberately absent.
const (
	ES256 Algorithm = "ES256"
)

Algorithm names for signing and verifying.

func (Algorithm) String

func (a Algorithm) String() string

type Audience

// Audience is the "aud" claim, which on the wire may be either a single
// string or an array of strings; see https://tools.ietf.org/html/rfc7519.
type Audience []string

Audience is a special claim that can be a single string or an array of strings. See: https://tools.ietf.org/html/rfc7519

func (Audience) MarshalJSON

func (a Audience) MarshalJSON() ([]byte, error)

MarshalJSON implements a marshaling function for "aud" claim.

func (*Audience) UnmarshalJSON

func (a *Audience) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler interface.

type Builder

// Builder is used to create a new token with a Signer; construct it with
// NewBuilder. Safe to use concurrently.
type Builder struct {
	// contains filtered or unexported fields
}

Builder is used to create a new token. Safe to use concurrently.

func NewBuilder

func NewBuilder(signer Signer, opts ...BuilderOption) *Builder

NewBuilder returns new instance of Builder.

func (*Builder) Build

func (b *Builder) Build(claims any) (*Token, error)

Build creates and encodes a JWT with the provided claims. If claims is of type []byte or string it is treated as already-marshaled JSON; in other words, you can pass pre-marshaled claims.

type BuilderOption

// BuilderOption modifies Builder properties; pass one or more to NewBuilder.
type BuilderOption func(*Builder)

BuilderOption is used to modify builder properties.

func WithContentType

func WithContentType(cty string) BuilderOption

WithContentType sets `cty` header for token.

func WithJWK

func WithJWK(jwk JWK) BuilderOption

WithJWK sets the `jwk` header with the given JSON Web Key (public coordinates only; the JWK type has no private component).

func WithKeyID

func WithKeyID(kid string) BuilderOption

WithKeyID sets `kid` header for token.

func WithTyp

func WithTyp(typ string) BuilderOption

WithTyp sets `typ` header for token with the given string.

type Cnf

// Cnf represents a single proof-of-possession key confirmation. Jkt is the
// JWK thumbprint of the key (see the Jkt function); the thumbprint
// computation itself is not visible here.
type Cnf struct {
	Jkt string `json:"jkt,omitempty"`
}

Cnf represents a single proof-of-possession key confirmation; its jkt member is the JWK thumbprint of that key.

type ESAlg

// ESAlg is an ECDSA-based implementation of both Signer and Verifier;
// construct it with NewSignerES or NewVerifierES. Its key material is
// unexported.
type ESAlg struct {
	// contains filtered or unexported fields
}

func NewSignerES

func NewSignerES(alg Algorithm, key *ecdsa.PrivateKey) (*ESAlg, error)

NewSignerES returns a new ECDSA-based signer.

func NewVerifierES

func NewVerifierES(alg Algorithm, key *ecdsa.PublicKey) (*ESAlg, error)

NewVerifierES returns a new ECDSA-based verifier.

func (*ESAlg) Algorithm

func (es *ESAlg) Algorithm() Algorithm

func (*ESAlg) Sign

func (es *ESAlg) Sign(payload []byte) ([]byte, error)

func (*ESAlg) SignSize

func (es *ESAlg) SignSize() int

func (*ESAlg) Verify

func (es *ESAlg) Verify(token *Token) error
// Header represents a DPoP JWT header.
//
// NOTE(review): RFC 9449 §4.2 requires a DPoP proof to carry typ "dpop+jwt",
// an asymmetric alg (never "none" or an HMAC algorithm) and a jwk holding
// only the public key. This type merely stores the values; whether Parse or
// Verify enforce these constraints is not visible here — confirm before
// relying on it.
type Header struct {
	Type        string    `json:"typ"`
	Algorithm   Algorithm `json:"alg"`
	Jwk         JWK       `json:"jwk"` // public key only; the JWK type has no private field
	ContentType string    `json:"cty,omitempty"`
	KeyID       string    `json:"kid,omitempty"`
}

Header represents a DPoPJWT header data.

func (Header) MarshalJSON

func (h Header) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.

type JWK

// JWK is the public JSON Web Key of EC type carried in the DPoP "jwk" header.
// It holds only the public coordinates (crv, kty, x, y); there is no field
// for the private scalar "d", so a private key cannot leak through this type.
type JWK struct {
	Crv string `json:"crv"`
	Kty string `json:"kty"`
	X   string `json:"x"`
	Y   string `json:"y"`
}

Public JWK of EC type: it carries only the crv, kty, x and y members and has no private component.

func CreateKey

func CreateKey() (*ecdsa.PrivateKey, JWK, error)

func ECDSAToJWK

func ECDSAToJWK(publicKey *ecdsa.PublicKey) (JWK, error)

type NumericDate

// NumericDate wraps time.Time for the date claims of RegisteredClaims (iat);
// see https://tools.ietf.org/html/rfc7519#section-2. JSON encoding is handled
// by the MarshalJSON/UnmarshalJSON methods.
type NumericDate struct {
	time.Time
}

NumericDate represents a date for RegisteredClaims (this package has no StandardClaims type). See: https://tools.ietf.org/html/rfc7519#section-2

func NewNumericDate

func NewNumericDate(t time.Time) *NumericDate

NewNumericDate creates a new NumericDate value from time.Time.

func (NumericDate) MarshalJSON

func (t NumericDate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.

func (*NumericDate) UnmarshalJSON

func (t *NumericDate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type RegisteredClaims

// RegisteredClaims represents the minimal claims of a DPoP proof JWT.
// See: https://datatracker.ietf.org/doc/html/rfc9449#name-dpop-proof-jwt-syntax
type RegisteredClaims struct {

	// Jti claim provides a unique identifier for the DPoP Proof JWT.
	// RFC 9449 §4.3 uses it for replay detection; whether this package
	// tracks seen values is not visible here, so servers should do so.
	Jti string `json:"jti"`

	// Htm claim provides the value of the HTTP method of the request to which
	// the JWT is attached. A verifier should compare it against the actual
	// request method, not trust it on its own.
	Htm string `json:"htm"`

	// Htu claim provides the HTTP target URI of the request to which the
	// JWT is attached, without query and fragment parts. As with Htm, it must
	// be compared against the real request target.
	Htu string `json:"htu"`

	// Iat claim provides the creation timestamp of the JWT. A nil pointer
	// encodes as JSON null because the tag has no omitempty.
	Iat *NumericDate `json:"iat"`

	// Nonce claim provides the authorization server-provided nonce.
	Nonce string `json:"nonce,omitempty"`

	// Cnf is the proof-of-possession key confirmation.
	// NOTE(review): omitempty has no effect on a non-pointer struct field in
	// encoding/json, so an unset Cnf is still serialized as "cnf":{}. Making
	// the field a *Cnf would fix this but changes the public API.
	Cnf Cnf `json:"cnf,omitempty"`
}

RegisteredClaims represents the minimal claims for DPoP JWT. See: https://datatracker.ietf.org/doc/html/rfc9449#name-dpop-proof-jwt-syntax

func (*RegisteredClaims) IsJti

func (sc *RegisteredClaims) IsJti(jti string) bool

IsJti reports whether the token's jti claim equals the given id.

func (*RegisteredClaims) IsValidIat

func (sc *RegisteredClaims) IsValidIat(now time.Time) bool

IsValidIat reports whether the token was created before the given time. NOTE: this alone does not bound how old a proof may be; RFC 9449 §4.3 also requires iat to fall within an acceptable window of the current time, so callers should additionally reject proofs whose iat is too far in the past and track jti values to detect replay.

type Signer

// Signer is used to sign tokens. Algorithm reports the JWS alg the signer
// produces, SignSize is presumably the signature length in bytes, and Sign
// returns the signature over payload.
type Signer interface {
	Algorithm() Algorithm
	SignSize() int
	Sign(payload []byte) ([]byte, error)
}

Signer is used to sign tokens.

type Token

// Token represents a parsed or built JWT; see https://tools.ietf.org/html/rfc7519.
// Obtain one from Parse, ParseNoVerify or Builder.Build — a zero Token is
// presumably unusable (see ErrUninitializedToken).
type Token struct {
	// contains filtered or unexported fields
}

Token represents a JWT token. See: https://tools.ietf.org/html/rfc7519

func CreateExampleDPoPJWT

func CreateExampleDPoPJWT(key *ecdsa.PrivateKey, jwk JWK) *Token

func Parse

func Parse(raw []byte, verifier Verifier) (*Token, error)

Parse decodes a token and verifies its signature with verifier.

func ParseNoVerify

func ParseNoVerify(raw []byte) (*Token, error)

ParseNoVerify decodes a token from raw bytes without checking its signature. The returned Token is unauthenticated: its header and claims are attacker-controlled until verified, so use Parse with a Verifier (or call Verifier.Verify on the result) before trusting any of them.

func (*Token) Bytes

func (t *Token) Bytes() []byte

func (*Token) Claims

func (t *Token) Claims() json.RawMessage

Claims returns token's claims.

func (*Token) ClaimsPart

func (t *Token) ClaimsPart() []byte

ClaimsPart returns token claims part.

func (*Token) DecodeClaims

func (t *Token) DecodeClaims(dst any) error

DecodeClaims decodes the token's claims into dst.

func (*Token) Header

func (t *Token) Header() Header

Header returns token's header.

func (*Token) HeaderPart

func (t *Token) HeaderPart() []byte

HeaderPart returns token header part.

func (*Token) PayloadPart

func (t *Token) PayloadPart() []byte

PayloadPart returns token payload part.

func (*Token) Signature

func (t *Token) Signature() []byte

Signature returns token's signature.

func (*Token) SignaturePart

func (t *Token) SignaturePart() []byte

SignaturePart returns token signature part.

func (*Token) String

func (t *Token) String() string

type Verifier

// Verifier is used to verify tokens. Algorithm reports the JWS alg the
// verifier accepts; Verify checks the signature of a parsed Token and
// presumably fails with ErrAlgorithmMismatch when the token's alg header
// differs, so a token cannot be verified under an algorithm its key was not
// meant for.
type Verifier interface {
	Algorithm() Algorithm
	Verify(token *Token) error
}

Verifier is used to verify tokens.
