jwks

v0.0.0-...-41103e4

Published: Oct 11, 2016 | License: Apache-2.0 | Imports: 12 | Imported by: 0

README

go-jwks-api-auth

This library provides a method to retrieve the public key from Auth0's endpoint that serves JWKS for JWT validation. It was designed around Auth0's API authentication implementation, although any API that serves JWKS on the /.well-known/jwks.json endpoint would work as well.

Usage

This library is intended to be used with auth0/go-jwt-middleware, more specifically in the ValidationKeyGetter callback.

GetPublicKey() takes a target iss and aud and verifies them against the token's claims, because a token could be forged by malicious actors to request JWKS from their own endpoint and/or to target an arbitrary resource server.

The following example performs validation via JWKS (asymmetric, RS256) as well as standard client secret (symmetric, HS256).

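jwtMiddleware := jwtmiddleware.New(jwtmiddleware.Options{
	ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
		var (
			decoded []byte
			err     error
		)
		// If kid exists then get the public key from the JWT's iss, otherwise use client secret.
		// Each branch also checks the signing method (this needs the fmt import), so a token
		// that carries a kid cannot be verified as HMAC with the public key as the secret.
		if _, ok := token.Header["kid"]; ok {
			if _, isRSA := token.Method.(*jwt.SigningMethodRSA); !isRSA {
				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
			}
			decoded, err = jwks.GetPublicKey(token, "TARGET_ISS", "TARGET_AUD")
		} else {
			if _, isHMAC := token.Method.(*jwt.SigningMethodHMAC); !isHMAC {
				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
			}
			decoded, err = base64.URLEncoding.DecodeString("AUTH0_CLIENT_SECRET")
		}
		if err != nil {
			return nil, err
		}
		return decoded, nil
	},
})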

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetPublicKey

func GetPublicKey(token *jwt.Token, iss, aud string) ([]byte, error)

GetPublicKey verifies the desired iss and aud against the token's claims, and then tries to fetch a public key from the iss. It returns the public key as a byte slice on success and an error on failure.
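
The iss and aud check described here and under Usage, sketched with the standard library only as an added example; it is not this package's source. JWKSURLFor, audContains, claims and the example hosts are hypothetical names, and the sketch also accepts aud as an array, which the page does not discuss.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// audContains accepts both encodings of aud: a single string or an array.
func audContains(aud interface{}, want string) bool {
	list, isList := aud.([]interface{})
	if !isList {
		list = []interface{}{aud}
	}
	for _, a := range list {
		if a == want {
			return true
		}
	}
	return false
}

// JWKSURLFor (hypothetical) pins the unverified iss/aud, then builds the URL from config only.
func JWKSURLFor(compact, wantIss, wantAud string) (string, error) {
	var c struct {
		Iss string      `json:"iss"`
		Aud interface{} `json:"aud"`
	}
	parts := strings.Split(compact, ".")
	if len(parts) != 3 {
		return "", errors.New("not a three-part compact JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return "", errors.New("claims segment is not base64url-encoded JSON")
	}
	if wantIss == "" || wantAud == "" || c.Iss != wantIss || !audContains(c.Aud, wantAud) {
		return "", errors.New("iss/aud are not the pinned values")
	}
	return strings.TrimSuffix(wantIss, "/") + "/.well-known/jwks.json", nil
}

// claims wraps a JSON payload in a constructed, unsigned sample token.
func claims(js string) string { return "e30." + base64.RawURLEncoding.EncodeToString([]byte(js)) + ".sig" }

func main() {
	fmt.Println(JWKSURLFor(claims(`{"iss":"https://evil.example/","aud":"api"}`), "https://idp.example/", "api"))
}
```

The claims are read before any signature has been verified, so they are only compared with configured values and never used to build the request URL.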

Types

This section is empty.
