Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrSigningMethodMismatch is the error returned when token is signed with the method other than verified ErrSigningMethodMismatch = errors.New("signing method mismatch") // ErrFailedToParseToken is the error returned when token is failed to parse and validate against secret and expiration date ErrFailedToParseToken = errors.New("failed to parse token") // ErrUnsupportedSigningMethod is the error returned when token is signed with unsupported by the library method ErrUnsupportedSigningMethod = errors.New("unsupported signing method") // ErrInvalidPEMBlock is the error returned for keys expected to be PEM-encoded ErrInvalidPEMBlock = errors.New("invalid RSA: not PEM-encoded") // ErrNotRSAPublicKey is the error returned for invalid RSA public key ErrNotRSAPublicKey = errors.New("invalid RSA: expected PUBLIC KEY block type") // ErrBadPublicKey is the error returned for invalid RSA public key ErrBadPublicKey = errors.New("invalid RSA: failed to assert public key") )
Functions ¶
This section is empty.
Types ¶
type AccessToken ¶
type AccessToken struct {
Type string `json:"token_type"`
Token string `json:"access_token"`
Expires int64 `json:"expires_in"`
}
AccessToken represents a token
func IssueAdminToken ¶
func IssueAdminToken(signingMethod SigningMethod, claims jwt.MapClaims, expireIn time.Duration) (*AccessToken, error)
IssueAdminToken issues admin JWT for API access
type Guard ¶
type Guard struct {
ParserConfig
// Duration that a jwt token is valid. Optional, defaults to one hour.
Timeout time.Duration
// SigningMethod defines new token signing algorithm/key pair.
SigningMethod SigningMethod
// This field allows clients to refresh their token until MaxRefresh has passed.
// Note that clients can refresh their token in the last moment of MaxRefresh.
// This means that the maximum validity timespan for a token is MaxRefresh + Timeout.
// Optional, defaults to 0 meaning not refreshable.
MaxRefresh time.Duration
}
Guard struct
func NewGuard ¶
func NewGuard(cred config.Credentials) Guard
NewGuard creates a new instance of Guard with default handlers
type Handler ¶
type Handler struct {
Guard Guard
}
Handler struct
func (*Handler) Login ¶
func (j *Handler) Login(config config.Credentials) http.HandlerFunc
Login can be used by clients to get a jwt token. Payload needs to be json in the form of {"username": "<USERNAME>", "password": "<PASSWORD>"}. Reply will be of the form {"token": "<TOKEN>"}.
func (*Handler) Refresh ¶
func (j *Handler) Refresh() http.HandlerFunc
Refresh can be used to refresh existing and valid jwt token. Reply will be of the form {"token": "<TOKEN>", "expire": "<DateTime in RFC-3339 format>"}.
type JanusClaims ¶
JanusClaims is the temporary solution for JWT claims validation with leeway support, should be removed as soon as github.com/golang-jwt/jwt 4.0 will be released with leeway support out of the box. This code is loosely based on the solution from https://github.com/golang-jwt/jwt/issues/131
func NewJanusClaims ¶
func NewJanusClaims(leeway int64) *JanusClaims
NewJanusClaims instantiates new JanusClaims
func (*JanusClaims) UnmarshalJSON ¶
func (c *JanusClaims) UnmarshalJSON(text []byte) error
UnmarshalJSON is Unmarshaler interface implementation for JanusClaims to unmarshal nested map claims correctly
func (*JanusClaims) Valid ¶
func (c *JanusClaims) Valid() error
Valid validates time based claims "exp, iat, nbf". As well, if any of the above claims are not in the token, it will still be considered a valid claim.
func (*JanusClaims) VerifyExpiresAt ¶
func (c *JanusClaims) VerifyExpiresAt(cmp int64, req bool) bool
VerifyExpiresAt overrides jwt.StandardClaims.VerifyExpiresAt() to use leeway for check
func (*JanusClaims) VerifyIssuedAt ¶
func (c *JanusClaims) VerifyIssuedAt(cmp int64, req bool) bool
VerifyIssuedAt overrides jwt.StandardClaims.VerifyIssuedAt() to use leeway for check
func (*JanusClaims) VerifyNotBefore ¶
func (c *JanusClaims) VerifyNotBefore(cmp int64, req bool) bool
VerifyNotBefore overrides jwt.StandardClaims.VerifyNotBefore() to use leeway for check
type Middleware ¶
type Middleware struct {
Guard Guard
}
Middleware struct contains data and logic required for middleware functionality
func NewMiddleware ¶
func NewMiddleware(config Guard) *Middleware
NewMiddleware builds and returns new JWT middleware instance
type Parser ¶
type Parser struct {
Config ParserConfig
}
Parser struct
func NewParser ¶
func NewParser(config ParserConfig) *Parser
NewParser creates a new instance of Parser
func (*Parser) GetMapClaims ¶
GetMapClaims returns a map version of Claims Section
type ParserConfig ¶
type ParserConfig struct {
// SigningMethods defines chain of token signature verification algorithm/key pairs.
SigningMethods []SigningMethod
// TokenLookup is a string in the form of "<source>:<name>" that is used
// to extract token from the request.
// Optional. Default value "header:Authorization".
// Possible values:
// - "header:<name>"
// - "query:<name>"
// - "cookie:<name>"
TokenLookup string
// Leeway is the time in seconds to account for clock skew when checking nbf, iat or expiration times
Leeway int64
}
ParserConfig configures the way JWT Parser gets and validates token
func NewParserConfig ¶
func NewParserConfig(leeway int64, signingMethod ...SigningMethod) ParserConfig
NewParserConfig creates a new instance of ParserConfig
type SigningMethod ¶
type SigningMethod struct {
// Alg defines JWT signing algorithm. Possible values are: HS256, HS384, HS512, RS256, RS384, RS512
Alg string `json:"alg"`
Key string `json:"key"`
}
SigningMethod defines signing method algorithm and key
Source Files
Directories