Documentation
Overview
Package ed25519url implements prototokens.TokenManager using ed25519 signatures and URL-safe encoded strings.
Index
- type KeyDataFunc
- type Manager
- func (skm *Manager) Decode(ctx context.Context, s string) (*tokenpb.SignedToken, error)
- func (skm *Manager) Encode(ctx context.Context, st *tokenpb.SignedToken) (string, error)
- func (skm *Manager) GetValidatedToken(ctx context.Context, token *tokenpb.SignedToken) (*tokenpb.ProtoToken, error)
- func (skm *Manager) Sign(ctx context.Context, pt *tokenpb.ProtoToken) (*tokenpb.SignedToken, error)
- func (skm *Manager) ValidFor(ctx context.Context, st *tokenpb.SignedToken, usage tokenpb.TokenUsages) error
- func (skm *Manager) Validate(ctx context.Context, st *tokenpb.SignedToken) error
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type KeyDataFunc
KeyDataFunc is a func that returns the seed passed to ed25519.NewFromSeed and an optional error.
type Manager
type Manager struct {
	*prototokens.UnimplementedTokenManager
	// contains filtered or unexported fields
}
Manager is an implementation of prototokens.TokenManager that:
- signs tokens with ed25519, with [keyDataFunc] returning the seed that will be passed to ed25519.NewFromSeed
- encodes/decodes with base64.RawURLEncoding.EncodeToString
func New
func New(keyDataFunc KeyDataFunc) (*Manager, error)
New returns a new Manager.
func (*Manager) GetValidatedToken
func (skm *Manager) GetValidatedToken(ctx context.Context, token *tokenpb.SignedToken) (*tokenpb.ProtoToken, error)
GetValidatedToken turns a tokenpb.SignedToken into a tokenpb.ProtoToken after validation
func (*Manager) Sign
func (skm *Manager) Sign(ctx context.Context, pt *tokenpb.ProtoToken) (*tokenpb.SignedToken, error)
Sign signs the token
func (*Manager) ValidFor
func (skm *Manager) ValidFor(ctx context.Context, st *tokenpb.SignedToken, usage tokenpb.TokenUsages) error
ValidFor checks if a token is valid for a specific usage
func (*Manager) Validate
Validate checks if the token is valid. We do the validation in layers, based on how expensive each one is to validate:
- unmarshal the token bytes. We need to do that for the later checks; failure means it's not valid
- validate the signature to ensure the message hasn't been tampered with
- check timestamps in the token now that we know we can trust it
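The layered validation described above, as an added standard-library sketch that is not this package's code. Assumptions: the function names `sign`, `publicKey` and `validate` are hypothetical, the 16-byte payload (not-before and expiry as Unix seconds) is a constructed stand-in for the protobuf token, and the key comes from `ed25519.NewKeyFromSeed` in `crypto/ed25519`.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

var errMalformed, errSignature, errWindow = errors.New("malformed"), errors.New("bad signature"), errors.New("outside validity window")

// sign packs not-before/expiry (constructed stand-in payload), signs it, returns URL-safe sig||payload.
func sign(seed []byte, notBefore, expires time.Time) string {
	p := make([]byte, 16)
	binary.BigEndian.PutUint64(p[:8], uint64(notBefore.Unix()))
	binary.BigEndian.PutUint64(p[8:], uint64(expires.Unix()))
	sig := ed25519.Sign(ed25519.NewKeyFromSeed(seed), p)
	return base64.RawURLEncoding.EncodeToString(append(sig, p...))
}

// publicKey derives the verification key from the same 32-byte seed.
func publicKey(seed []byte) ed25519.PublicKey {
	return ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
}

// validate runs the layers in order and reads timestamps only after the signature verifies.
func validate(pub ed25519.PublicKey, token string, now time.Time) error {
	b, err := base64.RawURLEncoding.DecodeString(token) // layer 1: decode, check structure
	if err != nil || len(b) != ed25519.SignatureSize+16 {
		return errMalformed
	}
	sig, p := b[:ed25519.SignatureSize], b[ed25519.SignatureSize:]
	if !ed25519.Verify(pub, p, sig) { // layer 2: integrity of the payload
		return errSignature
	}
	nbf := time.Unix(int64(binary.BigEndian.Uint64(p[:8])), 0) // layer 3: fields are now trusted
	exp := time.Unix(int64(binary.BigEndian.Uint64(p[8:])), 0)
	if now.Before(nbf) || !now.Before(exp) {
		return errWindow
	}
	return nil
}

func main() {
	seed, now := make([]byte, ed25519.SeedSize), time.Unix(1700000000, 0) // constructed demo values
	tok := sign(seed, now.Add(-time.Minute), now.Add(time.Hour))
	fmt.Println(validate(publicKey(seed), tok, now), validate(publicKey(seed), tok, now.Add(2*time.Hour)))
}
```

Because the timestamps are parsed only after `ed25519.Verify` succeeds, a token whose expiry bytes were edited fails with the signature error and its forged window is never evaluated.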