jwt

package module
v0.0.0-...-86d6291 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 22, 2017 License: Apache-2.0 Imports: 13 Imported by: 6

README

go-jwt JWT Compatible

Build Status Go Report Card Golang JSON Web Token builder with easy to use API for JWS and nested JWT (JWS+JWE)

It wraps and is inspired by gopkg.in/square/go-jose.v2 (especially jwt subpackage)

NOTE: Please, make sure you get fixed version of go-jose.v2. https://github.com/square/go-jose/issues/142

Usage:

package main

import (
    "fmt"
    "github.com/Bplotka/go-jwt"
)

func main() {
    p := "some_payload"
    cl := jwt.Claims{
        // Your standard claims here...
    }
    
    b, err := jwt.NewDefaultBuilder() // or jwt.NewBuilder(rsaPrvKey, signAlg, keyAlg, contentAlg)
    if err != nil {
        // Handle error here...
    }
    
    token, err := b.SignedAndEncryptedJWT().
        Claims(cl).
        Payload(p).
        CompactSerialize()
    if err != nil {
        // Handle error here...
    }
    
    // Generated valid nested JWT in `token` variable!
    // (....)
    // Let's revert the process:
     
    obtainer := b.FromSignedAndEncryptedJWT(token)
    
    var fetched string
    err = obtainer.Payload(&fetched)
    if err != nil {
        // Handle error here..
    }
    
    // We have "some_payload" again in `fetched` variable.
    
    fetchedStdClaims, err := obtainer.StdClaims()
    if err != nil {
        // Handle error here..
    }
    
    // We have our standard claims again in `fetchedStdClaims` variable.
    fmt.Println(fetchedStdClaims.Issuer)
    fmt.Println(fetchedStdClaims.Subject)
    // ...
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Builder

type Builder struct {
	*SignedObtainer
	// contains filtered or unexported fields
}

Builder is an builder that is able to construct nested JWT or JWS with custom payload claim or other claims. (Nested JSON Web Token is token that is signed and encrypted respectively). For each instance separate private RSA key is assigned, which is used to constructs and obtain all tokens. All JWT generated from builder will have headers in form of:

cty: JWT
typ: JWT
alg: algorithm used for signing or key management.
enc: algorithm used for encryption if encryption was used.
kid: hash of key used.

func NewBuilder

func NewBuilder(
	prvKey *rsa.PrivateKey,
	signatureAlgorithm jose.SignatureAlgorithm,
	keyAlgorithm jose.KeyAlgorithm,
	contentAlgorithm jose.ContentEncryption,
) (*Builder, error)

NewBuilder constructs new Builder that is able to construct and read all types of JSON Web tokens.

func NewDefaultBuilder

func NewDefaultBuilder() (*Builder, error)

NewDefaultBuilder constructs new Builder that is able to construct and read all types of JSON Web tokens. Uses default signature, key and content algorithms. Private key is auto-generated.

func (*Builder) FromJWE

func (j *Builder) FromJWE(token string) *ObtainerWrapper

FromJWE decrypts JSON Web Token's. Returned ObtainerWrapper can be used to fetch claims. Decryption is done by ObtainerWrapper.

func (*Builder) FromSignedAndEncryptedJWT

func (j *Builder) FromSignedAndEncryptedJWT(token string) *ObtainerWrapper

FromSignedAndEncryptedJWT parsed given token as nested JSON Web Token's and decrypts it. Returned ObtainerWrapper can be used to fetch claims. Signature verification is done by ObtainerWrapper.

func (*Builder) JWE

func (j *Builder) JWE() *BuilderWrapper

JWE constructs JSON Web Token that is only encrypted.

func (*Builder) JWS

func (j *Builder) JWS() *BuilderWrapper

JWS constructs JSON Web Token that is only signed.

func (*Builder) SignedAndEncryptedJWT

func (j *Builder) SignedAndEncryptedJWT() *BuilderWrapper

SignedAndEncryptedJWT constructs nested JSON Web Token that is both signed and encrypted respectively

type BuilderWrapper

type BuilderWrapper struct {
	// contains filtered or unexported fields
}

BuilderWrapper wraps specified engine and enabling packing and serializing claims into single token.

func (*BuilderWrapper) Claims

func (b *BuilderWrapper) Claims(claims interface{}) *BuilderWrapper

Claims encodes claims into JWE/JWS form. Multiple calls will merge claims into single JSON object.

func (*BuilderWrapper) CompactSerialize

func (b *BuilderWrapper) CompactSerialize() (string, error)

CompactSerialize serializes constructed token into compact form.

func (*BuilderWrapper) Payload

func (b *BuilderWrapper) Payload(payload interface{}) *BuilderWrapper

Payload encodes payload into JWE/JWS form in a `payload` field. Multiple calls will override payload.

type Claims

type Claims struct {
	Issuer    string      `json:"iss,omitempty"`
	Subject   string      `json:"sub,omitempty"`
	Audience  []string    `json:"aud,omitempty"`
	Expiry    NumericDate `json:"exp,omitempty"`
	NotBefore NumericDate `json:"nbf,omitempty"`
	IssuedAt  NumericDate `json:"iat,omitempty"`
	ID        string      `json:"jti,omitempty"`
	// contains filtered or unexported fields
}

Claims specify registered claim names specified in https://tools.ietf.org/html/rfc7519#section-4.1.

func (Claims) Validate

func (c Claims) Validate(e Claims) error

Validate checks claims in a token against expected values.

func (Claims) ValidateExpiryWithLeeway

func (c Claims) ValidateExpiryWithLeeway(leeway time.Duration) error

ValidateExpiryWithLeeway checks time based claims. A custom leeway may be specified for comparing time values. You may pass a zero value to check time values with no leeway, but you should note that numeric date values are rounded to the nearest second and sub-second precision is not supported.

type NumericDate

type NumericDate int64

NumericDate represents date and time as the number of seconds since the epoch, including leap seconds. Non-integer values can be represented in the serialized format, but we round to the nearest second.

func NewNumericDate

func NewNumericDate(t time.Time) NumericDate

NewNumericDate constructs NumericDate from time.Time value.

func (NumericDate) MarshalJSON

func (n NumericDate) MarshalJSON() ([]byte, error)

MarshalJSON serializes the given NumericDate into its JSON representation.

func (NumericDate) Time

func (n NumericDate) Time() time.Time

Time returns time.Time representation of NumericDate.

func (*NumericDate) UnmarshalJSON

func (n *NumericDate) UnmarshalJSON(b []byte) error

UnmarshalJSON reads a date from its JSON representation.

type ObtainerWrapper

type ObtainerWrapper struct {
	// contains filtered or unexported fields
}

ObtainerWrapper wraps token and enables deserialization from token.

func (*ObtainerWrapper) Claims

func (o *ObtainerWrapper) Claims(out interface{}) error

Claims decodes claims from JWE/JWS form. Multiple calls are allowed.

func (*ObtainerWrapper) Payload

func (o *ObtainerWrapper) Payload(out interface{}) error

Payload decodes payload from JWE/JWS form. Multiple calls are allowed.

func (*ObtainerWrapper) StdClaims

func (o *ObtainerWrapper) StdClaims() (Claims, error)

StdClaims decodes standard registered claims from JWE/JWS form. Multiple calls are allowed.

type SignedObtainer

type SignedObtainer struct {
	// contains filtered or unexported fields
}

SignedObtainer is struct that is able only to parse not encrypted JSON Web tokens.

func NewSignedObtainer

func NewSignedObtainer(publicKey *jose.JSONWebKey) *SignedObtainer

NewSignedObtainer constructs SignedObtainer.

func (*SignedObtainer) FromJWS

func (j *SignedObtainer) FromJWS(token string) *ObtainerWrapper

FromJWS parses given JWS. Returned ObtainerWrapper can be used to fetch claims. Signature verification is done by ObtainerWrapper.

func (*SignedObtainer) PublicJWK

func (j *SignedObtainer) PublicJWK() jose.JSONWebKey

PublicJWK gets Public RSA key wrapped in JSON Web Key used by this Obtainer.

func (*SignedObtainer) PublicRSAKey

func (j *SignedObtainer) PublicRSAKey() rsa.PublicKey

PublicRSAKey gets Public RSA key used by this Obtainer.

func (*SignedObtainer) VerifyStdClaims

func (j *SignedObtainer) VerifyStdClaims(claims Claims, expected Claims) error

VerifyStdClaims verifies standard "iss", "sub", "aud", "exp" claims from JWT RFC (https://tools.ietf.org/html/rfc7519).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL