Documentation ¶
Index ¶
- Constants
- func DecryptWithKey(k crypto.PrivateKey, cipherText string) (string, error)
- func EncryptWithKey(k crypto.PrivateKey, message []byte) (string, error)
- func GenerateClientID() string
- func GenerateClientSecret(isPublicClient bool) string
- func GetKeyID(key *jose.JSONWebKey) (string, error)
- func GetKeySetFromJWKSEndpoint(ctx context.Context, jwksEndpoint string) (jwt.KeySet, error)
- func GetKeySetFromPublicKeys(keys []crypto.PublicKey) (jwt.KeySet, error)
- func NewKeySet(pubKeys []crypto.PublicKey) (*jose.JSONWebKeySet, error)
- func NewRSA4096PEMKey() ([]byte, error)
- func SignAccessToken(k crypto.PrivateKey, claims jwt.Claims, customClaims interface{}, keyID string) (string, error)
- func SignIDToken(k crypto.PrivateKey, claims jwt.Claims, customClaims interface{}, keyID string) (string, error)
- type RSAKey
Constants ¶
// SigningAlgorithmRS256 is the JWS "alg" identifier for RSASSA-PKCS1-v1_5
// with SHA-256.
const SigningAlgorithmRS256 = "RS256"

// JWKUseSignature is the JWK "use" parameter value that marks a key as
// intended for signatures rather than encryption.
const JWKUseSignature = "sig"
// JWTHeaderTypeAccessToken is the header type of the access token, as
// defined in RFC 9068 (https://www.rfc-editor.org/rfc/rfc9068).
//
// RFC 8725 section 3.11 now recommends explicit typing, so that a verifier
// can reject a JWT of one kind presented where another kind is expected:
// https://datatracker.ietf.org/doc/html/rfc8725#section-3.11
const JWTHeaderTypeAccessToken = "at+jwt"

// JWTHeaderTypeIDToken is, going by its name, the matching header type for
// ID tokens. No specification is cited for this value here.
const JWTHeaderTypeIDToken = "id_token+jwt"
// Hex lists the hexadecimal digit characters in both lower and upper case.
// The letters a-f therefore appear twice (once per case), so the string is
// 22 characters long, not 16.
const Hex = "0123456789abcdefABCDEF"
const (
	// RSAPrivateKeyPEMType is the PEM block type label conventionally used
	// for PKCS #1 RSA private keys ("-----BEGIN RSA PRIVATE KEY-----").
	RSAPrivateKeyPEMType = "RSA PRIVATE KEY"
)
Variables ¶
This section is empty.
Functions ¶
func DecryptWithKey ¶
func DecryptWithKey(k crypto.PrivateKey, cipherText string) (string, error)
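DecryptWithKey decrypts a ciphertext with a private key, then base64-URL decodes it. (EncryptWithKey returns base64-URL encoded output, so the decoding presumably has to happen before decryption; confirm the actual order against the implementation.)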
func EncryptWithKey ¶
func EncryptWithKey(k crypto.PrivateKey, message []byte) (string, error)
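EncryptWithKey encrypts a message with a private key, then base64-URL encodes it. (The parameter is a crypto.PrivateKey; this description does not say whether the encryption itself uses the key's public half, so check the implementation before relying on its confidentiality properties.)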
func GenerateClientID ¶
func GenerateClientID() string
GenerateClientID is a helper function to generate an OAuth client ID.
func GenerateClientSecret ¶
GenerateClientSecret is a helper function to generate an OAuth client secret.
func GetKeyID ¶
GetKeyID generates the key ID in the format specified in RFC 7638: it hashes the JWK and base64-URL encodes the result. https://www.rfc-editor.org/rfc/rfc7638#section-3.1
func GetKeySetFromJWKSEndpoint ¶
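GetKeySetFromJWKSEndpoint returns a key set that can be used to verify JWT signatures using the keys found at the given JWKS URI. The keys served at that URI become the trust anchor for verification, so jwksEndpoint should come from trusted configuration rather than from the token being verified.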
func GetKeySetFromPublicKeys ¶
func NewRSA4096PEMKey ¶
NewRSA4096PEMKey generates an RSA key and returns it in a PEM-encoded format.
func SignAccessToken ¶
func SignAccessToken(k crypto.PrivateKey, claims jwt.Claims, customClaims interface{}, keyID string) (string, error)
SignAccessToken signs an access token with the given private key.
func SignIDToken ¶
func SignIDToken(k crypto.PrivateKey, claims jwt.Claims, customClaims interface{}, keyID string) (string, error)
SignIDToken signs an ID token with the given private key.
Types ¶
type RSAKey ¶
// RSAKey groups an RSA private key and an RSA public key.
type RSAKey struct {
	// Private is the private key. It is secret material and should not be
	// logged or serialized unintentionally.
	Private *rsa.PrivateKey
	// Public is the public key; presumably the counterpart of Private.
	Public *rsa.PublicKey
}
func Generate4096BitsRSAKey ¶
Generate4096BitsRSAKey generates a 4096-bit RSA key pair.