README
¶
jwt middleware
A middleware that will check that a JWT is sent on the Authorization header and will then set the content of the JWT into the user variable of the request.
This module lets you authenticate HTTP requests using JWT tokens in your Go Programming Language applications. JWTs are typically used to protect API endpoints, and are often issued using OpenID Connect.
Key Features
- Ability to check the
Authorizationheader for a JWT - Decode the JWT and set the content of it to the request context
Token Extraction
The default value for the Extractor option is the FromAuthHeader
function which assumes that the JWT will be provided as a bearer token
in an Authorization header, i.e.,
Authorization: bearer {token}
To extract the token from a query string parameter, you can use the
FromParameter function, e.g.,
jwtmiddleware.New(jwtmiddleware.Options{
Extractor: jwtmiddleware.FromParameter("auth_code"),
})
In this case, the FromParameter function will look for a JWT in the
auth_code query parameter.
Or, if you want to allow both, you can use the FromFirst function to
try and extract the token first in one way and then in one or more
other ways, e.g.,
jwtmiddleware.New(jwtmiddleware.Options{
Extractor: jwtmiddleware.FromFirst(jwtmiddleware.FromAuthHeader,
jwtmiddleware.FromParameter("auth_code")),
})
Documentation
¶
Overview ¶
Package jwt is a simple net/http middleware for jwt
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FromAuthHeader ¶
FromAuthHeader is a "TokenExtractor" that takes a give request and extracts the JWT token from the Authorization header.
Types ¶
type JWTMiddleware ¶
type JWTMiddleware struct {
Options Options
}
JWTMiddleware contains jwt config options
func New ¶
func New(options ...Options) *JWTMiddleware
New constructs a new Secure instance with supplied options.
func (*JWTMiddleware) CheckJWT ¶
func (m *JWTMiddleware) CheckJWT(w http.ResponseWriter, r *http.Request) (*http.Request, error)
CheckJWT check jwt
func (*JWTMiddleware) Handler ¶
func (m *JWTMiddleware) Handler(h http.Handler) http.Handler
Handler implements the http handler
func (*JWTMiddleware) HandlerWithNext ¶
func (m *JWTMiddleware) HandlerWithNext(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
HandlerWithNext Special implementation for Negroni, but could be used elsewhere.
type Options ¶
type Options struct {
// The function that will return the Key to validate the JWT.
// It can be either a shared secret or a public key.
// Default value: nil
ValidationKeyGetter jwt.Keyfunc
// The function that will be called when there's an error validating the token
// Default value:
ErrorHandler errorHandler
// A function that extracts the token from the request
// Default: FromAuthHeader (i.e., from Authorization header as bearer token)
Extractor TokenExtractor
// When set, the middleware verifies that tokens are signed with the specific signing algorithm
// If the signing method is not constant the ValidationKeyGetter callback can be used to implement additional checks
// Important to avoid security issues described here: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
// Default: nil
SigningMethod jwt.SigningMethod
// The name of the property in the request where the user information
// from the JWT will be stored.
// Default value: "user"
UserProperty string
// A boolean indicating if the credentials are required or not
// Default value: false
CredentialsOptional bool
// Debug flag turns on debugging output
// Default: false
Debug bool
// When set, all requests with the OPTIONS method will use authentication
// Default: false
EnableAuthOnOptions bool
}
Options is a struct for specifying configuration options for the middleware.
type TokenExtractor ¶
TokenExtractor is a function that takes a request as input and returns either a token or an error. An error should only be returned if an attempt to specify a token was found, but the information was somehow incorrectly formed. In the case where a token is simply not present, this should not be treated as an error. An empty string should be returned in that case.
func FromCookie ¶
func FromCookie(accessTokenName string) TokenExtractor
FromCookie returns a function that extracts the token from the specified key in the HTTP cookie, like "access_token"
func FromFirst ¶
func FromFirst(extractors ...TokenExtractor) TokenExtractor
FromFirst returns a function that runs multiple token extractors and takes the first token it finds
func FromParameter ¶
func FromParameter(param string) TokenExtractor
FromParameter returns a function that extracts the token from the specified query string parameter
Source Files
Directories