validator

package
v0.0.0-...-913acc0
Warning

This package is not in the latest version of its module.

Published: May 2, 2024 License: MIT Imports: 16 Imported by: 1

Documentation


Constants

This section is empty.

Variables

var (
	ErrKeysNotReceived        = errors.New("no keys were received")
	ErrKeySetNotFound         = errors.New("key set not found")
	ErrRefreshFuncNotProvided = errors.New("no refreshFunc was provided to refresh the keyset")
)

Functions

This section is empty.

Types

type JWTValidator

type JWTValidator struct {
	// contains filtered or unexported fields
}

func NewValidator

func NewValidator(issuer string, refreshFunc RefreshFunc, options ...Option) (*JWTValidator, error)

NewValidator returns a new instance, or a non-nil error if the provided RefreshFunc is nil. If no Clock is provided, time.Now() is used by default. If no logger is provided, logging is disabled.

Invoke Run() before verifying tokens so that the validator starts fetching keysets. Because Run blocks until its context is cancelled or a refresh fails, start it in its own goroutine.

func (*JWTValidator) Run

func (validator *JWTValidator) Run(ctx context.Context)

Run starts the validator so that it refreshes its keyset automatically using its RefreshFunc. This function blocks until the provided context is cancelled or the validator fails to fetch a new keyset.

func (*JWTValidator) VerifyToken

func (validator *JWTValidator) VerifyToken(token string) error

VerifyToken returns a non-nil error if the token is expired, its signature is invalid, or any of its claims differ from what is expected. For example, the token was issued in the future or the specified 'kid' does not exist.

Note that if the keyset expires, this method does not wait for a new keyset to be fetched. It returns an error, and continues to do so until an updated keyset is successfully retrieved.
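The fail-closed keyset behaviour described in the note above, as an added sketch that is not the package's own code. `keyCache`, `refresh`, `lookup`, the `ttl` parameter and the choice to return `ErrKeySetNotFound` for both an expired keyset and an unknown `kid` are assumptions; only `Key`, `RefreshFunc` and the error text come from this page.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
	"time"
)

type Key struct{ Id, Algorithm, Type string; Raw interface{} } // as documented
type RefreshFunc func(ctx context.Context) ([]Key, error)       // as documented
var ErrKeySetNotFound = errors.New("key set not found")

// keyCache is a hypothetical stand-in for the validator's unexported state.
type keyCache struct {
	mu      sync.RWMutex
	keys    map[string]Key
	expires time.Time
	now     func() time.Time // injectable clock, in the spirit of WithClock
}

func (c *keyCache) refresh(ctx context.Context, fn RefreshFunc, ttl time.Duration) error {
	keys, err := fn(ctx)
	if err != nil {
		return err // the previous keyset stays in place but still expires on schedule
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	c.keys, c.expires = map[string]Key{}, c.now().Add(ttl)
	for _, k := range keys {
		c.keys[k.Id] = k
	}
	return nil
}

// lookup fails closed: an expired keyset or unknown kid is an error, never a stale key.
func (c *keyCache) lookup(kid string) (Key, error) {
	c.mu.RLock()
	defer c.mu.RUnlock()
	if k, ok := c.keys[kid]; ok && c.now().Before(c.expires) {
		return k, nil
	}
	return Key{}, ErrKeySetNotFound
}

func main() {
	_, err := (&keyCache{now: time.Now}).lookup("k1")
	fmt.Println(err) // nothing fetched yet, so the lookup fails closed
}
```

A failed refresh does not extend the old keyset's lifetime, so callers should treat a sustained run of verification errors as a signal that the key source is unreachable rather than that tokens are bad.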

type Key

type Key struct {
	Id        string
	Algorithm string
	Type      string
	Raw       interface{}
}

Key is a struct for data necessary to register a key in a keyset.

type Option

type Option interface {
	// contains filtered or unexported methods
}

func WithClock

func WithClock(clock jwt.Clock) Option

func WithLogger

func WithLogger(logger logging.Logger) Option

type RefreshFunc

type RefreshFunc func(ctx context.Context) ([]Key, error)

func DefaultRefreshFunc

func DefaultRefreshFunc(authClient pb.AuthServiceClient, tracer trace.Tracer) RefreshFunc

DefaultRefreshFunc returns a callback that uses the auth service as the keyset source and fetches the keyset using the provided gRPC client. Tracing is disabled if no tracer is provided.
