Documentation ¶
Index ¶
- Variables
- func Sign(payload Payload, secretOrPrivateKey interface{}, opt *SignOption) (token []byte, err error)
- func Verify(token []byte, secretOrPrivateKey interface{}, opt *VerifyOption) (header Header, payload Payload, err error)
- type Algorithm
- type Header
- type Payload
- type SignOption
- type VerifyOption
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrEmptyPayload is returned when the payload given to Sign is empty.
	ErrEmptyPayload = errors.New("jwt: empty payload")
	// ErrEmptySecretOrPrivateKey is returned when the secret or private key
	// given is empty.
	ErrEmptySecretOrPrivateKey = errors.New("jwt: empty secret or private key")
	// ErrInvalidKeyType is returned when the type of the given key is wrong.
	ErrInvalidKeyType = errors.New("jwt: invalid key")
	// ErrInvalidSignature is returned when the given signature is invalid.
	ErrInvalidSignature = errors.New("jwt: invalid signature")
	// ErrInvalidHeaderType is returned when "typ" is not found in the header
	// and is not "JWT".
	ErrInvalidHeaderType = errors.New("jwt: invalid header type")
	// ErrInvalidToken is returned when the format of the token is not
	// "XXX.XXX.XXX".
	ErrInvalidToken = errors.New("jwt: invalid token")
	// ErrInvalidAlgorithm is returned when the algorithm is not supported.
	ErrInvalidAlgorithm = errors.New("jwt: invalid algorithm")
	// ErrInvalidReservedClaim is returned when the reserved claim does not
	// match the given value in VerifyOption.
	ErrInvalidReservedClaim = errors.New("jwt: invalid reserved claim")
	// ErrPayloadMissingIat is returned when the payload is missing "iat".
	ErrPayloadMissingIat = errors.New("jwt: payload missing iat")
	// ErrPayloadMissingExp is returned when the payload is missing "exp".
	ErrPayloadMissingExp = errors.New("jwt: payload missing exp")
	// ErrTokenExpired is returned when the token is expired.
	ErrTokenExpired = errors.New("jwt: token expired")
)
Functions ¶
func Sign ¶
func Sign(payload Payload, secretOrPrivateKey interface{}, opt *SignOption) (token []byte, err error)
Sign signs the given payload with the given secret into a JSON Web Token. When using an HMAC algorithm, secretOrPrivateKey's type should be string or []byte; when using an RSA algorithm, secretOrPrivateKey's type should be rsa.PrivateKey. If the given opt is nil, the default HS256 algorithm is used.
Example ¶
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"time"

	"github.com/DavidCai1993/jwt"
)

var (
	token []byte
	err   error
)

func main() {
	payload := map[string]interface{}{"foo": "bar"}

	// Sign with default (HMAC SHA256)
	token, err = jwt.Sign(payload, "secret", nil)

	// Sign a JWT whose TTL is 10s
	token, err = jwt.Sign(payload, "secret", &jwt.SignOption{
		ExpiresIn: 10 * time.Second,
	})

	// Use a key of at least 2048 bits; 1024-bit RSA keys are too weak for signing.
	privateKey, _ := rsa.GenerateKey(rand.Reader, 2048)

	// Sign with RSA SHA256
	token, err = jwt.Sign(payload, privateKey, &jwt.SignOption{
		Algorithm: jwt.RS256,
	})
}
func Verify ¶
func Verify(token []byte, secretOrPrivateKey interface{}, opt *VerifyOption) (header Header, payload Payload, err error)
Verify returns the decoded header and payload if the signature, optional expiration, audience, issuer and subject are valid. When using an HMAC algorithm, secretOrPrivateKey's type should be string or []byte; when using an RSA algorithm, secretOrPrivateKey's type should be rsa.PrivateKey. If the given opt is nil, the default HS256 algorithm is used.
Example ¶
package main

import (
	"time"

	"github.com/DavidCai1993/jwt"
)

var (
	token   []byte
	err     error
	header  jwt.Header
	payload jwt.Payload
)

func main() {
	// Verify a token with a symmetric secret
	header, payload, err = jwt.Verify(token, "secret", nil)

	// Verify audience
	header, payload, err = jwt.Verify(token, "secret", &jwt.VerifyOption{
		Audience: "fooAud",
	})

	// Verify issuer
	header, payload, err = jwt.Verify(token, "secret", &jwt.VerifyOption{
		Issuer: "fooIss",
	})

	// Verify subject and expiration
	header, payload, err = jwt.Verify(token, "secret", &jwt.VerifyOption{
		Subject:        "fooSub",
		ClockTolerance: 15 * time.Second,
	})
}
Types ¶
type Algorithm ¶
type Algorithm string
Algorithm represents a supported hash algorithm.
const (
	// HS256 represents HMAC using SHA-256 hash algorithm.
	HS256 Algorithm = "HS256"
	// HS384 represents HMAC using SHA-384 hash algorithm.
	HS384 Algorithm = "HS384"
	// HS512 represents HMAC using SHA-512 hash algorithm.
	HS512 Algorithm = "HS512"
	// RS256 represents RSASSA using SHA-256 hash algorithm.
	RS256 Algorithm = "RS256"
	// RS384 represents RSASSA using SHA-384 hash algorithm.
	RS384 Algorithm = "RS384"
	// RS512 represents RSASSA using SHA-512 hash algorithm.
	RS512 Algorithm = "RS512"
)
type SignOption ¶
type SignOption struct {
	Algorithm Algorithm
	ExpiresIn time.Duration
	Audience  string
	Issuer    string
	Subject   string
	// Header is the customized header which will be merged to token's header.
	Header Header
}
SignOption represents the options of Sign.
type VerifyOption ¶
type VerifyOption struct {
	Algorithm Algorithm
	Issuer    string
	Audience  string
	Subject   string
	// IngoreExpiration specifies whether to validate the
	// expiration of the token.
	IngoreExpiration bool
	// ClockTolerance specifies the time duration to tolerate when
	// checking the expiration of the token.
	ClockTolerance time.Duration
}
VerifyOption represents the options of Verify.
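The signature and expiration checks that Verify and VerifyOption describe, shown as an added example using only the Go standard library; it is not the package's own code. The names sign, verify, errToken, errSig and errExpired are hypothetical, only HS256 is handled (audience, issuer, subject and header checks are left out), and a token without "exp" is treated as non-expiring.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Hypothetical local names; these are not the package's own identifiers or code.
var errToken, errSig, errExpired = errors.New("invalid token"), errors.New("invalid signature"), errors.New("token expired")
var b64 = base64.RawURLEncoding

// sign builds base64url(header) + "." + base64url(claims) + "." + base64url(HMAC-SHA256).
func sign(claimsJSON string, secret []byte) string {
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claimsJSON))
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(input))
	return input + "." + b64.EncodeToString(m.Sum(nil))
}

// verify checks the MAC before parsing anything, then applies "exp" with a clock tolerance.
func verify(token string, secret []byte, now time.Time, tolerance time.Duration) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errToken
	}
	m := hmac.New(sha256.New, secret) // fixed by the verifier; the header's "alg" is never consulted
	m.Write([]byte(parts[0] + "." + parts[1]))
	if sig, err := b64.DecodeString(parts[2]); err != nil || !hmac.Equal(sig, m.Sum(nil)) { // constant-time compare
		return nil, errSig
	}
	claims := map[string]interface{}{}
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, errToken
	}
	if exp, ok := claims["exp"].(float64); ok && now.After(time.Unix(int64(exp), 0).Add(tolerance)) {
		return nil, errExpired
	}
	return claims, nil
}

func main() {
	tok := sign(`{"sub":"fooSub","exp":1700000010}`, []byte("secret")) // constructed claims
	fmt.Println(verify(tok, []byte("secret"), time.Unix(1700000030, 0), 15*time.Second))
}
```

Because the MAC algorithm is chosen by the caller and compared before any JSON is parsed, a token whose header claims a different "alg" cannot change how it is checked.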