Documentation ¶
Index ¶
- Constants
- func BuildBytes(signer Signer, claims BinaryMarshaler) ([]byte, error)
- type Algorithm
- type Audience
- type BinaryMarshaler
- type Check
- func AudienceChecker(aud Audience) Check
- func ExpirationTimeChecker(now time.Time) Check
- func IDChecker(jti string) Check
- func IssuedAtChecker(now time.Time) Check
- func IssuerChecker(iss string) Check
- func NotBeforeChecker(now time.Time) Check
- func SubjectChecker(sub string) Check
- func ValidAtChecker(now time.Time) Check
- func ValidAtNowChecker() Check
- type Error
- type Header
- type Signer
- func NewES256(publicKey *ecdsa.PublicKey, privateKey *ecdsa.PrivateKey) (Signer, error)
- func NewES384(publicKey *ecdsa.PublicKey, privateKey *ecdsa.PrivateKey) (Signer, error)
- func NewES512(publicKey *ecdsa.PublicKey, privateKey *ecdsa.PrivateKey) (Signer, error)
- func NewEdDSA(publicKey ed25519.PublicKey, privateKey ed25519.PrivateKey) (Signer, error)
- func NewHS256(key []byte) (Signer, error)
- func NewHS384(key []byte) (Signer, error)
- func NewHS512(key []byte) (Signer, error)
- func NewNoEncrypt() Signer
- func NewPS256(publicKey *rsa.PublicKey, privateKey *rsa.PrivateKey) (Signer, error)
- func NewPS384(publicKey *rsa.PublicKey, privateKey *rsa.PrivateKey) (Signer, error)
- func NewPS512(publicKey *rsa.PublicKey, privateKey *rsa.PrivateKey) (Signer, error)
- func NewRS256(publicKey *rsa.PublicKey, privateKey *rsa.PrivateKey) (Signer, error)
- func NewRS384(publicKey *rsa.PublicKey, privateKey *rsa.PrivateKey) (Signer, error)
- func NewRS512(publicKey *rsa.PublicKey, privateKey *rsa.PrivateKey) (Signer, error)
- type StandardClaims
- func (sc StandardClaims) HasPassedNotBefore(now time.Time) bool
- func (sc StandardClaims) IsExpired(now time.Time) bool
- func (sc StandardClaims) IsID(id string) bool
- func (sc StandardClaims) IsIssuedBefore(now time.Time) bool
- func (sc StandardClaims) IsIssuedBy(issuers ...string) bool
- func (sc StandardClaims) IsPermittedFor(audience string) bool
- func (sc StandardClaims) IsSubject(subject string) bool
- func (sc StandardClaims) MarshalBinary() (data []byte, err error)
- type Timestamp
- type Token
- func Build(signer Signer, claims BinaryMarshaler) (*Token, error)
- func BuildWithHeader(signer Signer, header Header, claims BinaryMarshaler) (*Token, error)
- func Parse(raw []byte) (*Token, error)
- func ParseAndVerify(raw []byte, signer Signer) (*Token, error)
- func ParseAndVerifyString(raw string, signer Signer) (*Token, error)
- func ParseString(raw string) (*Token, error)
- type TokenBuilder
- type Validator
Constants ¶
const (
	// ErrInvalidKey indicates that key is invalid.
	ErrInvalidKey = Error("jwt: key is invalid")

	// ErrInvalidFormat indicates that token format is invalid.
	ErrInvalidFormat = Error("jwt: token format is invalid")

	// ErrInvalidSignature signature wasn't correct.
	ErrInvalidSignature = Error("jwt: signature is invalid")
)
Build and parse errors.
const (
	// ErrTokenExpired is the error when token is expired.
	ErrTokenExpired = Error("jwt: token has expited")

	// ErrAudValidation is the error for an invalid "aud" claim.
	ErrAudValidation = Error("jwt: aud claim is invalid")

	// ErrExpValidation is the error for an invalid "exp" claim.
	ErrExpValidation = Error("jwt: exp claim is invalid")

	// ErrIatValidation is the error for an invalid "iat" claim.
	ErrIatValidation = Error("jwt: iat claim is invalid")

	// ErrIssValidation is the error for an invalid "iss" claim.
	ErrIssValidation = Error("jwt: iss claim is invalid")

	// ErrJtiValidation is the error for an invalid "jti" claim.
	ErrJtiValidation = Error("jwt: jti claim is invalid")

	// ErrNbfValidation is the error for an invalid "nbf" claim.
	ErrNbfValidation = Error("jwt: nbf claim is invalid")

	// ErrSubValidation is the error for an invalid "sub" claim.
	ErrSubValidation = Error("jwt: sub claim is invalid")
)
Validation errors.
Variables ¶
This section is empty.
Functions ¶
func BuildBytes ¶
func BuildBytes(signer Signer, claims BinaryMarshaler) ([]byte, error)
BuildBytes is used to create and encode a JWT with the provided claims.
Types ¶
type Algorithm ¶
type Algorithm string
Algorithm for signing and verifying.
const (
	NoEncryption Algorithm = "none"

	EdDSA Algorithm = "EdDSA"

	HS256 Algorithm = "HS256"
	HS384 Algorithm = "HS384"
	HS512 Algorithm = "HS512"

	RS256 Algorithm = "RS256"
	RS384 Algorithm = "RS384"
	RS512 Algorithm = "RS512"

	ES256 Algorithm = "ES256"
	ES384 Algorithm = "ES384"
	ES512 Algorithm = "ES512"

	PS256 Algorithm = "PS256"
	PS384 Algorithm = "PS384"
	PS512 Algorithm = "PS512"
)
Algorithm names for signing and verifying.
type Audience ¶
type Audience []string
Audience is a special claim that may be a single string or an array of strings; see RFC 7519.
func (Audience) MarshalJSON ¶
MarshalJSON implements a marshaling function for "aud" claim.
func (*Audience) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler interface.
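The two wire forms of "aud" described above, as an added stand-alone sketch using only the standard library (not this package's own implementation). The names `audience` and `parseAud` are hypothetical and the claim documents are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// audience stands in for the Audience type documented above (hypothetical name).
type audience []string

// UnmarshalJSON accepts both forms RFC 7519 allows: one string or an array.
func (a *audience) UnmarshalJSON(b []byte) error {
	if len(b) > 0 && b[0] == '"' {
		var one string
		if err := json.Unmarshal(b, &one); err != nil {
			return err
		}
		*a = audience{one}
		return nil
	}
	var many []string
	if err := json.Unmarshal(b, &many); err != nil {
		return fmt.Errorf("aud must be a string or an array of strings: %w", err)
	}
	*a = many
	return nil
}

// MarshalJSON writes one value as a bare string, anything else as an array.
func (a audience) MarshalJSON() ([]byte, error) {
	if len(a) == 1 {
		return json.Marshal(a[0])
	}
	return json.Marshal([]string(a))
}

// parseAud decodes only the "aud" claim of a constructed claims document.
func parseAud(claimsJSON string) (audience, error) {
	var claims struct{ Aud audience `json:"aud"` }
	err := json.Unmarshal([]byte(claimsJSON), &claims)
	return claims.Aud, err
}

func main() {
	for _, doc := range []string{`{"aud":"api"}`, `{"aud":["api","admin"]}`, `{"aud":42}`} {
		aud, err := parseAud(doc)
		fmt.Println([]string(aud), err)
	}
}
```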
type BinaryMarshaler ¶
BinaryMarshaler is a marshaling interface for user claims.
type Check ¶
type Check func(claims *StandardClaims) error
Check is used to validate StandardClaims.
func AudienceChecker ¶
AudienceChecker validates the "aud" claim.
func ExpirationTimeChecker ¶
ExpirationTimeChecker validates the "exp" claim.
func IssuedAtChecker ¶
IssuedAtChecker validates the "iat" claim.
func NotBeforeChecker ¶
NotBeforeChecker validates the "nbf" claim.
func SubjectChecker ¶
SubjectChecker validates the "sub" claim.
func ValidAtChecker ¶
ValidAtChecker validates whether the token is valid at the specified time, based on the values of the IssuedAt, NotBefore and ExpiresAt claims.
func ValidAtNowChecker ¶
func ValidAtNowChecker() Check
ValidAtNowChecker validates whether the token is valid at the current time, based on the values of the IssuedAt, NotBefore and ExpiresAt claims.
type Header ¶
type Header struct {
	Algorithm   Algorithm `json:"alg"`
	Type        string    `json:"typ,omitempty"` // type of JWS: it can only be "JWT" here
	ContentType string    `json:"cty,omitempty"`
	KeyID       string    `json:"kid,omitempty"`
}
Header stores JWT header data. See https://tools.ietf.org/html/rfc7515 and https://tools.ietf.org/html/rfc7519
func (Header) MarshalJSON ¶
MarshalJSON implements json.Marshaler interface.
type Signer ¶
type Signer interface {
	Algorithm() Algorithm
	Sign(payload []byte) ([]byte, error)
	Verify(payload, signature []byte) error
}
Signer is used to sign and verify tokens.
func NewES256 ¶
NewES256 returns new ES256 Signer using ECDSA and SHA256 hash.
Both public and private keys must not be nil.
func NewES384 ¶
NewES384 returns new ES384 Signer using ECDSA and SHA384 hash.
Both public and private keys must not be nil.
func NewES512 ¶
NewES512 returns new ES512 Signer using ECDSA and SHA512 hash.
Both public and private keys must not be nil.
func NewEdDSA ¶
NewEdDSA returns new signer using EdDSA algorithm.
Both public and private keys must not be nil.
func NewNoEncrypt ¶
func NewNoEncrypt() Signer
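NewNoEncrypt returns a new Signer for the "none" algorithm (NoEncryption), which applies no signature, so the token's contents are not integrity-protected. SHOULD NOT BE USED.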
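How a verifier keeps "none" tokens out, as an added stand-alone example using only the standard library (not this package's code): the caller fixes the expected algorithm and the header's "alg" is checked against it before the signature. `signHS256`, `verifyPinnedHS256` and the demo key are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// signHS256 builds header.payload.signature for a constructed demo token.
func signHS256(key []byte, claimsJSON string) string {
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claimsJSON))
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return input + "." + b64.EncodeToString(mac.Sum(nil))
}

// verifyPinnedHS256 returns the claims JSON only if the header declares HS256
// and the HMAC matches. The verifier picks the algorithm, never the token.
func verifyPinnedHS256(key []byte, token string) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("token format is invalid")
	}
	var header struct{ Alg string `json:"alg"` }
	rawHeader, errH := b64.DecodeString(parts[0])
	sig, errS := b64.DecodeString(parts[2])
	if errH != nil || errS != nil || json.Unmarshal(rawHeader, &header) != nil {
		return nil, fmt.Errorf("token format is invalid")
	}
	if header.Alg != "HS256" { // rejects "none" and every other algorithm
		return nil, fmt.Errorf("unexpected alg %q", header.Alg)
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) { // constant-time comparison
		return nil, fmt.Errorf("signature is invalid")
	}
	return b64.DecodeString(parts[1])
}

func main() {
	key := []byte("constructed-demo-key")
	claims, err := verifyPinnedHS256(key, signHS256(key, `{"sub":"alice"}`))
	fmt.Println(string(claims), err)
}
```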
func NewPS256 ¶
NewPS256 returns new PS256 Signer using RSA PSS and SHA256 hash.
Both public and private keys must not be nil.
func NewPS384 ¶
NewPS384 returns new PS384 Signer using RSA PSS and SHA384 hash.
Both public and private keys must not be nil.
func NewPS512 ¶
NewPS512 returns new PS512 Signer using RSA PSS and SHA512 hash.
Both public and private keys must not be nil.
func NewRS256 ¶
NewRS256 returns new RSA Signer using RSA and SHA256 hash.
Both public and private keys must not be nil.
type StandardClaims ¶
type StandardClaims struct {
	// Audience claim identifies the recipients that the JWT is intended for.
	Audience Audience `json:"aud,omitempty"`

	// ExpiresAt claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.
	// Use of this claim is OPTIONAL.
	ExpiresAt Timestamp `json:"exp,omitempty"`

	// ID claim provides a unique identifier for the JWT.
	ID string `json:"jti,omitempty"`

	// IssuedAt claim identifies the time at which the JWT was issued.
	// This claim can be used to determine the age of the JWT.
	// Use of this claim is OPTIONAL.
	IssuedAt Timestamp `json:"iat,omitempty"`

	// Issuer claim identifies the principal that issued the JWT.
	// Use of this claim is OPTIONAL.
	Issuer string `json:"iss,omitempty"`

	// NotBefore claim identifies the time before which the JWT MUST NOT be accepted for processing.
	// Use of this claim is OPTIONAL.
	NotBefore Timestamp `json:"nbf,omitempty"`

	// Subject claim identifies the principal that is the subject of the JWT.
	// Use of this claim is OPTIONAL.
	Subject string `json:"sub,omitempty"`
}
StandardClaims holds the registered claims; see https://tools.ietf.org/html/rfc7519#section-4.1
func (StandardClaims) HasPassedNotBefore ¶
func (sc StandardClaims) HasPassedNotBefore(now time.Time) bool
HasPassedNotBefore returns true if the token's activation time (NotBefore) has passed at the given time.
func (StandardClaims) IsExpired ¶
func (sc StandardClaims) IsExpired(now time.Time) bool
IsExpired returns true if the token is expired.
func (StandardClaims) IsID ¶
func (sc StandardClaims) IsID(id string) bool
IsID returns true if claims has the given id.
func (StandardClaims) IsIssuedBefore ¶
func (sc StandardClaims) IsIssuedBefore(now time.Time) bool
IsIssuedBefore returns true if the token was issued before the given time.
func (StandardClaims) IsIssuedBy ¶
func (sc StandardClaims) IsIssuedBy(issuers ...string) bool
IsIssuedBy returns true if the token was issued by any of the given issuers.
func (StandardClaims) IsPermittedFor ¶
func (sc StandardClaims) IsPermittedFor(audience string) bool
IsPermittedFor returns true if claims is allowed to be used by the audience.
func (StandardClaims) IsSubject ¶
func (sc StandardClaims) IsSubject(subject string) bool
IsSubject returns true if claims has the given subject.
func (StandardClaims) MarshalBinary ¶
func (sc StandardClaims) MarshalBinary() (data []byte, err error)
MarshalBinary default marshaling to JSON.
type Timestamp ¶
type Timestamp int64
Timestamp represents time as number of seconds from 1970-01-01T00:00:00Z UTC until the specified moment.
func (*Timestamp) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler interface.
type Token ¶
type Token struct {
// contains filtered or unexported fields
}
Token represents a JWT token.
func Build ¶
func Build(signer Signer, claims BinaryMarshaler) (*Token, error)
Build is used to create and encode a JWT with the provided claims.
func BuildWithHeader ¶
func BuildWithHeader(signer Signer, header Header, claims BinaryMarshaler) (*Token, error)
BuildWithHeader is used to create and encode a JWT with the provided header and claims.
func ParseAndVerify ¶
ParseAndVerify decodes a token and verifies its signature with a given signer.
func ParseAndVerifyString ¶
ParseAndVerifyString decodes a token and verifies its signature with a given signer.
func (Token) InsecureString ¶
InsecureString returns token as is, with a signature (which may be sensitive).
type TokenBuilder ¶
type TokenBuilder struct {
// contains filtered or unexported fields
}
TokenBuilder is used to create a new token.
func NewTokenBuilder ¶
func NewTokenBuilder(signer Signer) *TokenBuilder
NewTokenBuilder returns new instance of TokenBuilder.
func (*TokenBuilder) Build ¶
func (b *TokenBuilder) Build(claims BinaryMarshaler) (*Token, error)
Build is used to create and encode a JWT with the provided claims.
func (*TokenBuilder) BuildBytes ¶
func (b *TokenBuilder) BuildBytes(claims BinaryMarshaler) ([]byte, error)
BuildBytes is used to create and encode a JWT with the provided claims.
type Validator ¶
type Validator struct {
// contains filtered or unexported fields
}
Validator is used to validate StandardClaims.
func NewValidator ¶
NewValidator returns new instance of validator.
func (Validator) Validate ¶
func (v Validator) Validate(claims *StandardClaims) error
Validate validates the given claims and returns the first error.
func (Validator) ValidateAll ¶
func (v Validator) ValidateAll(claims *StandardClaims) []error
ValidateAll will run all the checks and return a slice of errors, if any.