Documentation
Index
Constants
This section is empty.
Variables
Functions
This section is empty.
Types
type JWTValidator
type JWTValidator struct {
// contains filtered or unexported fields
}
func NewValidator
func NewValidator(issuer string, refreshFunc RefreshFunc, options ...Option) (*JWTValidator, error)
NewValidator returns a new instance, or a non-nil error if the provided RefreshFunc is nil. If no Clock is provided, time.Now() is used by default. If no logger is provided, logging is disabled by default.
Make sure to invoke Run() before verifying tokens to start fetching keysets.
func (*JWTValidator) Run
func (validator *JWTValidator) Run(ctx context.Context)
Run starts the validator, which then refreshes its keyset automatically using its RefreshFunc. This function will block until the provided context is cancelled or the validator fails to fetch a new keyset.
func (*JWTValidator) VerifyToken
func (validator *JWTValidator) VerifyToken(token string) error
VerifyToken returns a non-nil error if the token is expired, its signature is invalid, or any of the token's claims differ from what is expected, for example when the token was issued in the future or the specified 'kid' does not exist.
Note that if the keyset expires, this method does not wait for a new keyset to be fetched; it returns an error and continues to do so until an updated keyset is successfully retrieved.
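The refresh-and-verify behaviour described for Run and VerifyToken, modelled as an added Go example that is not this package's code. The names keyset, cache and fetchFunc, the shape of the fetch callback and the explicit now argument are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync/atomic"
	"time"
)

// Hypothetical model of the documented behaviour; not the package's own code.
type keyset struct {
	keys    map[string][]byte // kid -> verification key
	expires time.Time
}
type cache struct{ cur atomic.Pointer[keyset] } // swapped whole on each refresh
type fetchFunc func(context.Context) (*keyset, error) // assumed callback shape

var errNoKeyset, errUnknownKid = errors.New("keyset missing or expired"), errors.New("unknown kid")

// keyFor never waits for a refresh: no usable keyset means an error (fail closed).
func (c *cache) keyFor(kid string, now time.Time) ([]byte, error) {
	if ks := c.cur.Load(); ks != nil && now.Before(ks.expires) {
		if k, ok := ks.keys[kid]; ok {
			return k, nil
		}
		return nil, errUnknownKid
	}
	return nil, errNoKeyset
}

// run refreshes until ctx is cancelled or a fetch fails, and returns the cause.
func (c *cache) run(ctx context.Context, fetch fetchFunc, every time.Duration) error {
	for {
		ks, err := fetch(ctx)
		if err != nil {
			return err
		}
		c.cur.Store(ks)
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-time.After(every):
		}
	}
}

func main() {
	fmt.Println(new(cache).keyFor("k1", time.Now())) // nothing fetched yet: refused
}
```

In this model the last good keyset stays in place after a failed fetch, so lookups keep succeeding until that keyset's own expiry and are refused from then on.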
type Option
type Option interface {
// contains filtered or unexported methods
}
func WithLogger
type RefreshFunc
func DefaultRefreshFunc
func DefaultRefreshFunc(authClient pb.AuthServiceClient, tracer trace.Tracer) RefreshFunc
DefaultRefreshFunc returns a callback that uses the auth service as the keyset source and fetches the keyset using the provided gRPC client. Tracing is disabled if no tracer is provided.