Documentation
Overview
Package jwtkms provides an AWS KMS (Key Management Service) adapter to be used with the popular GoLang JWT library.
Importing this package will auto-register the provided SigningMethods and make them available for use. Make sure to use a keyConfig with a keyId whose KMS key supports the requested SigningMethod's algorithm for Sign/Verify.
By default, JWT signature verification happens by downloading and caching the public key of the KMS key, but you can also set verifyWithKMS to true if you want KMS to verify the signature instead.
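The default verification path described above (fetch the public key once, cache it, verify locally), as an added standard-library example that is not jwtkms's own code. `keyCache`, `fetch` and `verifyES256` are hypothetical names, a locally generated P-256 key stands in for the KMS key, and the curve check rejects a key that does not match the ES256 algorithm.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"sync"
)

type keyCache struct { // hypothetical type, not part of jwtkms
	keys  sync.Map                           // key ID -> *ecdsa.PublicKey
	fetch func(keyID string) ([]byte, error) // stands in for KMS GetPublicKey (DER SPKI)
}

// verifyES256 checks a raw 64-byte R||S signature, fetching the key once.
func (c *keyCache) verifyES256(id, signingString string, sig []byte) error {
	k, ok := c.keys.Load(id)
	if !ok {
		der, err := c.fetch(id)
		if err != nil {
			return err
		}
		pub, err := x509.ParsePKIXPublicKey(der)
		ec, isEC := pub.(*ecdsa.PublicKey)
		if err != nil || !isEC || ec.Curve != elliptic.P256() {
			return errors.New("key is not usable for ES256")
		}
		k, _ = c.keys.LoadOrStore(id, ec)
	}
	h := sha256.Sum256([]byte(signingString))
	if len(sig) != 64 || !ecdsa.Verify(k.(*ecdsa.PublicKey), h[:],
		new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return errors.New("signature is invalid")
	}
	return nil
}

func main() { // constructed demo: a local P-256 key plays the KMS key
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	c := &keyCache{fetch: func(string) ([]byte, error) { return x509.MarshalPKIXPublicKey(&priv.PublicKey) }}
	h := sha256.Sum256([]byte("header.payload"))
	r, s, _ := ecdsa.Sign(rand.Reader, priv, h[:])
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	fmt.Println(c.verifyES256("demo-key", "header.payload", sig))
}
```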
Constants
This section is empty.
Variables
var (
	SigningMethodECDSA256 *ECDSASigningMethod
	SigningMethodECDSA384 *ECDSASigningMethod
	SigningMethodECDSA512 *ECDSASigningMethod
	SigningMethodRS256 *RSASigningMethod
	SigningMethodRS384 *RSASigningMethod
	SigningMethodRS512 *RSASigningMethod
)
Functions
This section is empty.
Types
type Config
type Config struct {
// contains filtered or unexported fields
}
Config is a struct to be passed to token signing/verification.
func NewKMSConfig
NewKMSConfig creates a new Config with the specified parameters.
type ECDSASigningMethod
type ECDSASigningMethod struct {
// contains filtered or unexported fields
}
ECDSASigningMethod is an ECDSA implementation of the SigningMethod interface that uses KMS to Sign/Verify JWTs.
func (*ECDSASigningMethod) Alg
func (m *ECDSASigningMethod) Alg() string
func (*ECDSASigningMethod) Sign
func (m *ECDSASigningMethod) Sign(signingString string, keyConfig interface{}) (string, error)
func (*ECDSASigningMethod) Verify
func (m *ECDSASigningMethod) Verify(signingString, signature string, keyConfig interface{}) error
type KMSClient
type KMSClient interface {
	SignWithContext(aws.Context, *kms.SignInput, ...request.Option) (*kms.SignOutput, error)
	VerifyWithContext(aws.Context, *kms.VerifyInput, ...request.Option) (*kms.VerifyOutput, error)
	GetPublicKeyWithContext(aws.Context, *kms.GetPublicKeyInput, ...request.Option) (*kms.GetPublicKeyOutput, error)
}
KMSClient is the subset of `*kms.Client` functionality used when signing and verifying JWTs. It is an interface here so users do not need to depend on the full-sized `*kms.Client` object and can substitute their own implementation.
type RSASigningMethod
type RSASigningMethod struct {
// contains filtered or unexported fields
}
RSASigningMethod is an RSA implementation of the SigningMethod interface that uses KMS to Sign/Verify JWTs.
func (*RSASigningMethod) Alg
func (m *RSASigningMethod) Alg() string
func (*RSASigningMethod) Sign
func (m *RSASigningMethod) Sign(signingString string, keyConfig interface{}) (string, error)
func (*RSASigningMethod) Verify
func (m *RSASigningMethod) Verify(signingString, signature string, keyConfig interface{}) error