jwkfetch

package module
v0.1.1 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 22, 2019 License: MIT Imports: 9 Imported by: 0

README

fetch-jwk

This library provides methods to fetch JWT keys from a JWKS URL.

Rationale

If you're using a library like jwt-go for JWT validation, you should supply a Keyfunc that receives the JWT and returns the public key for that JWT.

This library provides a set of such key functions.

Usage

In the following example the JWT iss claim is test-issuer.com. If the OpenID Connect server's discovery page URL is https://test-issuer.com/.well-known/openid-configuration (as it is for Google or Azure AD), you can use the FromIssuerClaim key function.

Otherwise, you can use the FromDiscoverURL or FromJWKsURL functions.

package main

import (
    "fmt"

    jwkfetch "github.com/Soluto/fetch-jwk"
    jwt "github.com/dgrijalva/jwt-go"
)

var tokenString = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJleHAiOjE1MDAwLCJpc3MiOiJ0ZXN0LWlzc3Vlci5jb20iLCJhdWQiOiJ0ZXMtYXVkaWVuY2UifQ.dOUobGY8J6yxll7hGMWyQ9sVPsrCIjVNuFB1gsMhF4s"

func main() {
    // FromIssuerClaim() returns the key function that resolves the key from the token's iss claim.
    token, err := jwt.Parse(tokenString, jwkfetch.FromIssuerClaim())

    // Check err before token.Valid: jwt-go returns a nil token for a malformed token string.
    if err == nil && token.Valid {
        fmt.Println("You look nice today")
    } else if ve, ok := err.(*jwt.ValidationError); ok {
        if ve.Errors&jwt.ValidationErrorMalformed != 0 {
            fmt.Println("That's not even a token")
        } else if ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0 {
            // Token is either expired or not active yet
            fmt.Println("Timing is everything")
        } else {
            fmt.Println("Couldn't handle this token:", err)
        }
    } else {
        fmt.Println("Couldn't handle this token:", err)
    }
}
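
FromIssuerClaim builds the discovery URL from the token's own iss claim, and a key function runs before the signature is verified, so the issuer and the alg header are still untrusted input at that point. The following added example (not part of fetch-jwk or its README) is a standard-library pre-check to run before jwt.Parse. PrecheckToken and the allowlist values are hypothetical, and this page does not say whether the library restricts issuers or algorithms itself.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed policy for illustration: accepted issuers and signing algorithms.
var allowedIssuers = map[string]bool{"test-issuer.com": true}
var allowedAlgs = map[string]bool{"RS256": true, "ES256": true}

// decodeSegment base64url-decodes one JWT segment and unmarshals its JSON.
func decodeSegment(seg string, out interface{}) error {
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, out)
}

// PrecheckToken (hypothetical helper) rejects a token whose unverified alg or iss
// is outside the allowlists. It checks no signature; run it before jwt.Parse.
func PrecheckToken(tokenString string) (string, error) {
	parts := strings.Split(tokenString, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("expected 3 segments, got %d", len(parts))
	}
	var header struct{ Alg string `json:"alg"` }
	var claims struct{ Iss string `json:"iss"` }
	if err := decodeSegment(parts[0], &header); err != nil {
		return "", fmt.Errorf("bad header: %v", err)
	}
	if err := decodeSegment(parts[1], &claims); err != nil {
		return "", fmt.Errorf("bad claims: %v", err)
	}
	if !allowedAlgs[header.Alg] {
		return "", fmt.Errorf("alg %q not allowed", header.Alg)
	}
	if !allowedIssuers[claims.Iss] {
		return "", fmt.Errorf("issuer %q not allowed", claims.Iss)
	}
	return claims.Iss, nil
}

func main() {
	// The page's sample token: its header says HS256, so the alg allowlist rejects it.
	fmt.Println(PrecheckToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJleHAiOjE1MDAwLCJpc3MiOiJ0ZXN0LWlzc3Vlci5jb20iLCJhdWQiOiJ0ZXMtYXVkaWVuY2UifQ.dOUobGY8J6yxll7hGMWyQ9sVPsrCIjVNuFB1gsMhF4s"))
}
```

The header and claims are decoded into separate structs so that an alg field placed in the claims cannot stand in for the one in the header.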

JWK Caching

JWKs that were used for JWT validation are cached and reused to validate other JWTs with the same issuer.

Note: JWKs usually change every 24 hours, so the library refreshes the cache automatically every 24 hours.

If the issuer or jwks_url is known in advance, use the Init method during your app startup.

API Reference

API reference documentation is here.

License

Licensed under the MIT License

Documentation

Overview

Package jwkfetch implements JSON Web Key fetching in several ways.

Functions

func FromDiscoverURL

func FromDiscoverURL(discoverURL string) func(*jwt.Token) (interface{}, error)

FromDiscoverURL fetches JWT keys from the jwks_url found in the configuration at the OpenID discover URL.

func FromIssuerClaim

func FromIssuerClaim() func(*jwt.Token) (interface{}, error)

FromIssuerClaim extracts the issuer from the JWT, assuming that the OpenID discover URL is <iss>+/.well-known/openid-configuration, then fetches JWT keys from the jwks_url found in that configuration.

func FromJWKsURL

func FromJWKsURL(jwksURL string) func(*jwt.Token) (interface{}, error)

FromJWKsURL fetches JWT keys from the given jwks_url.

func Init

func Init(providers []JWKProvider) error

Init initializes the fetch jwt package.

Types

type JWKProvider

type JWKProvider struct {
	Issuer      string
	DiscoverURL string
	JWKURL      string
}

JWKProvider is the structure for JWK configuration.
