Documentation ¶
Index ¶
- Variables
- func CheckNonce(nonce string) (bool, error)
- func GenerateNonce(length int) string
- func GenerateRandomBits(bits int) ([]byte, error)
- func Jkt(jwk JWK) (string, error)
- func ParseClaims(raw []byte, verifier Verifier, claims any) error
- type Algorithm
- type Audience
- type Builder
- type BuilderOption
- type Cnf
- type ESAlg
- type Header
- type JWK
- type NumericDate
- type RegisteredClaims
- type Signer
- type Token
- func (t *Token) Bytes() []byte
- func (t *Token) Claims() json.RawMessage
- func (t *Token) ClaimsPart() []byte
- func (t *Token) DecodeClaims(dst any) error
- func (t *Token) Header() Header
- func (t *Token) HeaderPart() []byte
- func (t *Token) PayloadPart() []byte
- func (t *Token) Signature() []byte
- func (t *Token) SignaturePart() []byte
- func (t *Token) String() string
- type Verifier
Variables ¶
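// Sentinel errors returned by this package. Each is a distinct value created
// with errors.New, so callers can match a specific failure with errors.Is.
var (
	// ErrNilKey indicates that key is nil.
	ErrNilKey = errors.New("key is nil")

	// ErrInvalidKey indicates that key is not valid.
	ErrInvalidKey = errors.New("key is not valid")

	// ErrUnsupportedAlg indicates that given algorithm is not supported.
	ErrUnsupportedAlg = errors.New("algorithm is not supported")

	// ErrNotJWTType indicates that JWT token type is not JWT.
	//
	// Deprecated: leftover after a wrong feature, present due to backward compatibility.
	ErrNotJWTType = errors.New("token of not JWT type")

	// ErrInvalidFormat indicates that token format is not valid.
	ErrInvalidFormat = errors.New("token format is not valid")

	// ErrAudienceInvalidFormat indicates that audience format is not valid.
	ErrAudienceInvalidFormat = errors.New("audience format is not valid")

	// ErrDateInvalidFormat indicates that date format is not valid.
	ErrDateInvalidFormat = errors.New("date is not valid")

	// ErrAlgorithmMismatch indicates that token is signed by another algorithm.
	// NOTE(review): presumably raised when the header `alg` differs from the
	// verifier's algorithm; confirm against the verifier implementation.
	ErrAlgorithmMismatch = errors.New("token is signed by another algorithm")

	// ErrInvalidSignature indicates that signature is not valid.
	ErrInvalidSignature = errors.New("signature is not valid")

	// ErrUninitializedToken indicates that token was not created with the Parse func.
	ErrUninitializedToken = errors.New("token was not initialized")
)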
JWT sign, verify, build and parse errors.
Functions ¶
func CheckNonce ¶
func GenerateNonce ¶
func GenerateRandomBits ¶
GenerateRandomBits generates a random key of the given length in bits.
Types ¶
type Algorithm ¶
type Algorithm string
Algorithm for signing and verifying.
const (
	// ES256 is the "ES256" algorithm name (ECDSA using P-256 and SHA-256 in
	// RFC 7518). It is the only Algorithm constant declared in this block.
	ES256 Algorithm = "ES256"
)
Algorithm names for signing and verifying.
type Audience ¶
type Audience []string
Audience is a special claim that can be a single string or an array of strings. See: https://tools.ietf.org/html/rfc7519
func (Audience) MarshalJSON ¶
MarshalJSON implements a marshaling function for "aud" claim.
func (*Audience) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler interface.
type Builder ¶
type Builder struct {
// contains filtered or unexported fields
}
Builder is used to create a new token. Safe to use concurrently.
func NewBuilder ¶
func NewBuilder(signer Signer, opts ...BuilderOption) *Builder
NewBuilder returns new instance of Builder.
type BuilderOption ¶
type BuilderOption func(*Builder)
BuilderOption is used to modify builder properties.
func WithContentType ¶
func WithContentType(cty string) BuilderOption
WithContentType sets `cty` header for token.
func WithJWK ¶
func WithJWK(jwk JWK) BuilderOption
WithJWK sets `jwk` header with the given JSON Web Key
func WithTyp ¶
func WithTyp(typ string) BuilderOption
WithTyp sets `typ` header for token with the given string.
type Cnf ¶
type Cnf struct {
	// Jkt is serialized as the `jkt` member and is omitted when empty.
	// NOTE(review): presumably the JWK thumbprint returned by Jkt(jwk), which
	// binds a token to the proof-of-possession key; confirm against callers.
	Jkt string `json:"jkt,omitempty"`
}
Cnf represents a single proof-of-possession key
type ESAlg ¶
type ESAlg struct {
// contains filtered or unexported fields
}
func NewSignerES ¶
func NewSignerES(alg Algorithm, key *ecdsa.PrivateKey) (*ESAlg, error)
NewSignerES returns a new ECDSA-based signer.
func NewVerifierES ¶
NewVerifierES returns a new ECDSA-based verifier.
type Header ¶
// Header holds the header fields of a token: type, signing algorithm,
// embedded public key, and the optional content type and key ID.
type Header struct {
	// Type is serialized as `typ`.
	Type string `json:"typ"`
	// Algorithm is serialized as `alg`.
	Algorithm Algorithm `json:"alg"`
	// Jwk stores a JWK public key. The tag has no omitempty, so the default
	// encoder always writes a `jwk` member.
	// NOTE(review): Header also declares a custom MarshalJSON, which may
	// change that; confirm there.
	Jwk JWK `json:"jwk"`
	// ContentType is serialized as `cty` and omitted when empty.
	ContentType string `json:"cty,omitempty"`
	// KeyID is serialized as `kid` and omitted when empty.
	KeyID string `json:"kid,omitempty"`
}
Header represents the header data of a DPoP JWT.
func (Header) MarshalJSON ¶
MarshalJSON implements the json.Marshaler interface.
type JWK ¶
// JWK is a public JSON Web Key of EC type. It declares only the curve, key
// type and the two coordinate members; there is no field for a private
// parameter.
type JWK struct {
	// Crv is serialized as `crv` (the curve name).
	Crv string `json:"crv"`
	// Kty is serialized as `kty` (the key type).
	Kty string `json:"kty"`
	// X is serialized as `x`.
	// NOTE(review): presumably the base64url-encoded x coordinate — confirm.
	X string `json:"x"`
	// Y is serialized as `y`.
	// NOTE(review): presumably the base64url-encoded y coordinate — confirm.
	Y string `json:"y"`
}
JWK is a public JSON Web Key of EC type.
type NumericDate ¶
NumericDate represents a date for StandardClaims. See: https://tools.ietf.org/html/rfc7519#section-2
func NewNumericDate ¶
func NewNumericDate(t time.Time) *NumericDate
NewNumericDate creates a new NumericDate value from time.Time.
func (NumericDate) MarshalJSON ¶
func (t NumericDate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (*NumericDate) UnmarshalJSON ¶
func (t *NumericDate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
type RegisteredClaims ¶
// RegisteredClaims lists the claims carried by a DPoP proof JWT: jti, htm,
// htu and iat are always serialized; nonce is omitted when empty.
type RegisteredClaims struct {
	// Jti claim provides a unique identifier for the DPoP Proof JWT
	Jti string `json:"jti"`

	// Htm claim provides the value of the HTTP method of the request to which
	// the JWT is attached
	Htm string `json:"htm"`

	// Htu claim provides the HTTP target URI of the request to which the
	// JWT is attached, without query and fragment parts
	Htu string `json:"htu"`

	// Iat claim provides the creation timestamp of the JWT.
	// It is a pointer, so a missing claim decodes to nil.
	Iat *NumericDate `json:"iat"`

	// Nonce claim provides the authorization server-provided nonce
	Nonce string `json:"nonce,omitempty"`

	// Cnf is serialized as the `cnf` member.
	// NOTE(review): encoding/json's omitempty does not omit struct values, so
	// unless a custom marshaler handles it an empty `cnf` object is still
	// written; confirm whether that is intended.
	Cnf Cnf `json:"cnf,omitempty"`
}
RegisteredClaims represents the minimal claims for DPoP JWT. See: https://datatracker.ietf.org/doc/html/rfc9449#name-dpop-proof-jwt-syntax
func (*RegisteredClaims) IsJti ¶
func (sc *RegisteredClaims) IsJti(jti string) bool
IsJti reports whether token has a given id.
func (*RegisteredClaims) IsValidIat ¶
func (sc *RegisteredClaims) IsValidIat(now time.Time) bool
IsValidIat reports whether a token was created before a given time.
type Token ¶
type Token struct {
// contains filtered or unexported fields
}
Token represents a JWT token. See: https://tools.ietf.org/html/rfc7519
func CreateExampleDPoPJWT ¶
func CreateExampleDPoPJWT(key *ecdsa.PrivateKey, jwk JWK) *Token
func ParseNoVerify ¶
ParseNoVerify decodes a token from raw bytes without verifying its signature. NOTE: Consider using Parse with a verifier so that the token signature is verified.
func (*Token) ClaimsPart ¶
ClaimsPart returns token claims part.
func (*Token) DecodeClaims ¶
DecodeClaims into a given parameter.
func (*Token) HeaderPart ¶
HeaderPart returns token header part.
func (*Token) PayloadPart ¶
PayloadPart returns token payload part.
func (*Token) SignaturePart ¶
SignaturePart returns token signature part.