jwt

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 6, 2022 License: GPL-3.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

// Names of the environment variables that hold the OAuth settings
// (JWKS endpoint URL, expected issuer, expected audience).
// NOTE(review): presumably read by CheckOAuthScopeFromEnv and
// ValidationKeyGetterFromEnv; their bodies are not shown here, so confirm.
const (
	OAuthJWKSUrlEnvKey  = "OAUTH_JWKS_URL"
	OAuthIssuerEnvKey   = "OAUTH_ISSUER"
	OAuthAudienceEnvKey = "OAUTH_AUDIENCE"
)

// DefaultUserProperty is the request property name "user", the same value
// documented as the default of Validator.UserProperty.
const DefaultUserProperty = "user"

Variables

This section is empty.

Functions

func CheckOAuthScope

func CheckOAuthScope(jwksUrl, scope string) func(tokenString string) bool

func CheckOAuthScopeFromEnv

func CheckOAuthScopeFromEnv(scope string) func(tokenString string) bool

func FromAuthHeader

func FromAuthHeader(r libhttp.Request) (string, error)

func OnError

func OnError(r libhttp.Request, errMsg string) libhttp.Response

func OnScopeInsufficient

func OnScopeInsufficient(r libhttp.Request, errMsg string) libhttp.Response

func ValidationKeyGetterFromEnv

func ValidationKeyGetterFromEnv() jwt.Keyfunc

func ValidationKeyGetterFromMetaData

func ValidationKeyGetterFromMetaData(aud, iss, jwksUrl string) jwt.Keyfunc

Types

type CustomClaims

// CustomClaims is the claim set decoded from a token: the "scope" claim plus
// the claims of the embedded jwt.StandardClaims.
type CustomClaims struct {
	// Scope is the raw value of the "scope" claim.
	// NOTE(review): presumably a space-separated list of scopes, as in OAuth 2.0;
	// confirm against CheckOAuthScope, whose body is not shown here.
	Scope string `json:"scope"`
	// Embedded claim set from the jwt package; its fields are promoted onto CustomClaims.
	jwt.StandardClaims
}

type EmptyTokenHandler

// EmptyTokenHandler is the type of Validator.EmptyTokenHandler, the function the
// Validator field comment describes as called when no token is set. Its
// underlying type is libhttp.Service.
type EmptyTokenHandler libhttp.Service

type ErrorHandler

// ErrorHandler builds the response for a rejected request from the request and
// an error message. OnError and OnScopeInsufficient have this signature.
// NOTE(review): errMsg may carry token-validation detail; confirm that
// implementations do not echo it verbatim to untrusted clients.
type ErrorHandler func(r libhttp.Request, errMsg string) libhttp.Response

type JSONWebKeys

// JSONWebKeys is a single key entry of a JWKS document. The JSON tags are the
// JWK member names defined by RFC 7517 / RFC 7518.
// NOTE(review): how an entry is selected and checked before it is used to
// verify a signature is not visible here. Confirm the key getter matches on
// kid and does not accept keys whose kty or use does not fit the configured
// signing method.
type JSONWebKeys struct {
	Kty string   `json:"kty"` // key type, e.g. "RSA"
	Kid string   `json:"kid"` // key ID, compared with the kid in a token header
	Use string   `json:"use"` // intended use of the key, e.g. "sig"
	N   string   `json:"n"`   // RSA modulus, base64url-encoded
	E   string   `json:"e"`   // RSA public exponent, base64url-encoded
	X5c []string `json:"x5c"` // X.509 certificate chain, each entry base64-encoded DER
}

type Jwks

// Jwks is the top-level JSON Web Key Set document: a list of keys under the
// "keys" member.
// NOTE(review): presumably decoded from the response of the configured JWKS URL;
// the fetching code is not shown here. Confirm that the URL is fetched over
// HTTPS only.
type Jwks struct {
	Keys []JSONWebKeys `json:"keys"`
}

type Option

// Option configures a Validator in place. New accepts any number of options,
// and the With* functions of this package return them.
type Option func(j *Validator)

func WithCredentialsOptional

func WithCredentialsOptional(o bool) Option

func WithDebug

func WithDebug() Option

func WithEmptyTokenHandler

func WithEmptyTokenHandler(e EmptyTokenHandler) Option

func WithEnvScopeChecker

func WithEnvScopeChecker(scope string) Option

func WithEnvValidationKeyGetter

func WithEnvValidationKeyGetter() Option

func WithScopeCheckErrorHandler

func WithScopeCheckErrorHandler(e ErrorHandler) Option

func WithScopeChecker

func WithScopeChecker(s ScopeChecker) Option

func WithSigningMethod

func WithSigningMethod(s jwt.SigningMethod) Option

func WithTokenExtractor

func WithTokenExtractor(extractor TokenExtractor) Option

func WithTokenExtractors

func WithTokenExtractors(extractors ...TokenExtractor) Option

func WithUserProperty

func WithUserProperty(u string) Option

func WithValidationKeyGetter

func WithValidationKeyGetter(getter jwt.Keyfunc) Option

type ScopeChecker

// ScopeChecker reports whether a token passes a scope check. It is given the
// token string rather than already-parsed claims.
// NOTE(review): an implementation must verify the token before trusting its
// scope claim. Whether the Validator calls the checker only after successful
// validation is not visible here; confirm in Middleware.
type ScopeChecker func(tokenString string) bool

type TokenExtractor

// TokenExtractor takes the token string out of a request, or returns an error.
// FromAuthHeader has this signature; FromFirst and TokenExtractorFromParameter
// return values of this type.
type TokenExtractor func(r libhttp.Request) (string, error)

func FromFirst

func FromFirst(extractors ...TokenExtractor) TokenExtractor

FromFirst returns a function that runs multiple token extractors and takes the first token it finds

func TokenExtractorFromParameter

func TokenExtractorFromParameter(param string) TokenExtractor

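TokenExtractorFromParameter returns a TokenExtractor that extracts the token from the specified query string parameter. A token carried in a URL can end up in server and proxy access logs, browser history and Referer headers, so prefer FromAuthHeader wherever the client can set request headers (RFC 6750 discourages the query-parameter form).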

type Validator

// Validator holds the configuration of the JWT-checking middleware: how the
// token is extracted from a request, which key and signing method it is
// verified against, and which handlers build the response when a check fails.
// NOTE(review): the defaults quoted on the fields come from the field comments;
// the code that applies them is not visible here.
type Validator struct {

	// Optional scope check run by the validator, so that request handlers
	// do not each have to check the scope themselves.
	// It is called with the token string (see the ScopeChecker type).
	ScopeChecker ScopeChecker

	// Callback for an unsuccessful scope check
	// Default value: OnScopeInsufficient
	ScopeCheckErrorHandler ErrorHandler

	// The function that will return the key used to validate the JWT.
	// It can be either a shared secret or a public key.
	// NOTE(review): the kind of key returned has to fit SigningMethod (a public
	// key for the default jwt.SigningMethodRS256); confirm that a custom getter
	// rejects tokens whose header names a different algorithm.
	// Default value: ValidationKeyGetterFromEnv()
	ValidationKeyGetter jwt.Keyfunc

	// The name of the property in the request where the user information
	// from the JWT will be stored.
	// Default value: "user"
	UserProperty string

	// The function that will be called when there's an error validating the token
	// Default value: OnError
	ErrorHandler ErrorHandler

	// The function that will be called when there is no token set
	// Default value: OnEmptyToken
	// NOTE(review): OnEmptyToken is not among the exported functions listed for
	// this package; presumably it is unexported. Verify.
	EmptyTokenHandler EmptyTokenHandler

	// A boolean indicating if the credentials are optional (true) or required (false).
	// NOTE(review): with true, a request that carries no token is presumably let
	// through unauthenticated, so handlers behind the middleware must treat the
	// user property as possibly unset. Confirm against Middleware.
	// Default value: false
	CredentialsOptional bool

	// A function that extracts the token from the request
	// Default: FromAuthHeader (i.e., from Authorization header as bearer token)
	Extractor TokenExtractor

	// Debug flag turns on debugging output
	// NOTE(review): confirm that the debug output never contains raw tokens or
	// key material before enabling it outside development.
	// Default: false
	Debug bool

	// When set, all requests with the OPTIONS method will use authentication.
	// With the default, OPTIONS requests are therefore presumably passed on
	// without a token check (TODO confirm in Middleware); make sure OPTIONS
	// handlers expose nothing sensitive.
	// Default: false
	EnableAuthOnOptions bool

	// When set, the middleware verifies that tokens are signed with this specific signing algorithm,
	// so a token cannot pick its own algorithm through its header.
	// If the signing method is not constant the ValidationKeyGetter callback can be used to implement additional checks
	// Important to avoid security issues described here: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
	// Default: jwt.SigningMethodRS256
	SigningMethod jwt.SigningMethod
}

func New

func New(options ...Option) *Validator

New constructs a new Validator configured with the supplied options.

func (*Validator) Middleware

func (j *Validator) Middleware(r libhttp.Request, service libhttp.Service) libhttp.Response
