jwt

package


Overview

Copyright 2023 Northern.tech AS

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Copyright 2023 Northern.tech AS

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Copyright 2023 Northern.tech AS

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Copyright 2023 Northern.tech AS

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Copyright 2023 Northern.tech AS

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


Constants

This section is empty.

Variables

var (
	// ErrTokenExpired is returned by Handler.FromJWT when the token is
	// otherwise valid but its expiry time has passed.
	ErrTokenExpired = errors.New("jwt: token expired")
	// ErrTokenInvalid is returned by Handler.FromJWT when the token is
	// malformed, missing required claims, etc. Compare with errors.Is.
	ErrTokenInvalid = errors.New("jwt: token invalid")
)

Functions

func GetKeyId

func GetKeyId(tokenString string) int

Types

type Claims

// Claims holds the JWT payload used by this package. The json tags give the
// registered claim names (jti, sub, exp, iat, iss, aud, nbf) plus the custom
// "mender.tenant", "mender.user" and "scp" claims; the bson tags give the
// storage field names.
//
// NOTE(review): Valid documents that only iss, exp, sub and scp are used
// there, so aud and nbf are not checked by this package; services relying on
// them must verify them at the service level.
type Claims struct {
	// ID is the unique token UUID.
	ID oid.ObjectID `json:"jti,omitempty" bson:"_id,omitempty"`
	// Subject holds the UUID associated with the user's account.
	Subject oid.ObjectID `json:"sub,omitempty" bson:"sub,omitempty"`
	// ExpiresAt is the absolute time when the token expires.
	// It is a pointer with omitempty, so a token can be encoded without exp;
	// NOTE(review): whether Valid rejects a missing exp is not visible here — confirm.
	ExpiresAt *Time `json:"exp,omitempty" bson:"exp,omitempty"`
	// IssuedAt is the absolute time the token was created.
	IssuedAt Time `json:"iat,omitempty" bson:"iat,omitempty"`
	// Tenant holds the tenant ID claim
	Tenant string `json:"mender.tenant,omitempty" bson:"mender.tenant,omitempty"`
	// User claims that this token is for the management API.
	User bool `json:"mender.user,omitempty" bson:"user,omitempty"`
	// Issuer contains the configured Issuer claim (defaults to "Mender").
	// Valid does not check its correctness; compare it at the service level.
	Issuer string `json:"iss,omitempty" bson:"iss,omitempty"`
	// Scope determines the API scope of the token (defaults to "mender.*")
	Scope     string `json:"scp,omitempty" bson:"scp,omitempty"`
	// Audience holds the standard JWT "aud" claim.
	Audience  string `json:"aud,omitempty" bson:"aud,omitempty"`
	// NotBefore holds the standard JWT "nbf" claim.
	NotBefore Time   `json:"nbf,omitempty" bson:"nbf,omitempty"`
}

func (*Claims) Valid

func (c *Claims) Valid() error

Valid checks whether the claims are valid and returns an error if validation fails. Note that for now only iss, exp, sub and scp are used. Only basic checks are done here; field correctness (e.g. that the issuer matches the expected value) is verified at the service level, where that information is available.

type Handler

// Handler is a JWT generator/verifier: ToJWT produces a token string from a
// Token and FromJWT parses one back, running Claims.Valid() on the result.
type Handler interface {
	// ToJWT encodes t as a JWT string (presumably signed with the handler's
	// key; see SignFunc and Token.MarshalJWT).
	ToJWT(t *Token) (string, error)
	// FromJWT parses the token and does basic validity checks (Claims.Valid()).
	// returns:
	// ErrTokenExpired when the token is valid but expired
	// ErrTokenInvalid when the token is invalid (malformed, missing required claims, etc.)
	//
	// NOTE(review): Claims.Valid documents that issuer correctness is not
	// checked here; callers must compare the returned token's Issuer (and
	// Audience, if used) against the expected values at the service level.
	FromJWT(string) (*Token, error)
}

Handler is a JWT generator/verifier.

func NewJWTHandler

func NewJWTHandler(privateKeyPath string, privateKeyFilenamePattern string) (Handler, error)

type JWTHandlerEd25519

// JWTHandlerEd25519 is an Ed25519-specific Handler; construct it with
// NewJWTHandlerEd25519, which takes the private key and its key id.
type JWTHandlerEd25519 struct {
	// contains filtered or unexported fields
}

JWTHandlerEd25519 is an Ed25519-specific JWTHandler

func NewJWTHandlerEd25519

func NewJWTHandlerEd25519(privKey *ed25519.PrivateKey, keyId int) *JWTHandlerEd25519

func (*JWTHandlerEd25519) FromJWT

func (j *JWTHandlerEd25519) FromJWT(tokstr string) (*Token, error)

func (*JWTHandlerEd25519) ToJWT

func (j *JWTHandlerEd25519) ToJWT(token *Token) (string, error)

type JWTHandlerRS256

// JWTHandlerRS256 is an RS256-specific Handler; construct it with
// NewJWTHandlerRS256, which takes the RSA private key and its key id.
type JWTHandlerRS256 struct {
	// contains filtered or unexported fields
}

JWTHandlerRS256 is an RS256-specific JWTHandler

func NewJWTHandlerRS256

func NewJWTHandlerRS256(privKey *rsa.PrivateKey, keyId int) *JWTHandlerRS256

func (*JWTHandlerRS256) FromJWT

func (j *JWTHandlerRS256) FromJWT(tokstr string) (*Token, error)

func (*JWTHandlerRS256) ToJWT

func (j *JWTHandlerRS256) ToJWT(token *Token) (string, error)

type SignFunc

// SignFunc signs and encodes token, returning the serialized JWT string;
// Token.MarshalJWT calls it to produce the signed output.
type SignFunc func(token *Token) (string, error)

SignFunc will sign and encode token.

type Time

// Time wraps time.Time and marshals/unmarshals JSON as UNIX time
// (see MarshalJSON / UnmarshalJSON).
type Time struct {
	time.Time
}

Time is a simple wrapper of time.Time that marshals/unmarshals JSON to/from UNIX time.

func (Time) MarshalJSON

func (t Time) MarshalJSON() ([]byte, error)

func (*Time) UnmarshalJSON

func (t *Time) UnmarshalJSON(b []byte) error

type Token

// Token wraps Claims together with storage-side metadata: the last usage
// timestamp, an optional name, and the id of the key that signed it.
type Token struct {
	// Claims is embedded; the bson inline tag flattens its fields into the document.
	Claims `bson:"inline"`
	// LastUsed is the token last usage timestamp.
	LastUsed *time.Time `json:"last_used,omitempty" bson:"last_used,omitempty"`
	// TokenName holds the name of the token
	TokenName *string `json:"name,omitempty" bson:"name,omitempty"`
	// KeyId corresponds to "kid" in the JWT header and identifies the key that
	// signed the token. This enables private-key rotation: as long as the old
	// private keys are kept, the newest key (highest id) issues new tokens while
	// older tokens are still verified with the key that issued them.
	// NOTE(review): the json tag is "key_id", not "kid"; GetKeyId presumably
	// extracts the id from the token string. Until the signature is verified the
	// kid is attacker-controlled input, so the verifier must reject unknown ids
	// rather than fall back to a default key — confirm in NewJWTHandler.
	KeyId int `json:"key_id,omitempty" bson:"key_id,omitempty"`
}

Token wraps Claims together with storage-side metadata (last-used timestamp, token name and signing key id).

func (*Token) MarshalJWT

func (t *Token) MarshalJWT(sign SignFunc) ([]byte, error)

MarshalJWT marshals Token into a JWT-compatible format. `sign` provides the means for generating a signed JWT token.

func (*Token) UnmarshalJWT

func (t *Token) UnmarshalJWT(raw []byte, unpack UnpackFunc) error

UnmarshalJWT unmarshals raw JWT data into Token. UnpackFunc does the actual heavy lifting of parsing and deserializing the base64-encoded JWT. Returns an error if `unpack` failed; however, if `unpack` returns a token, `t` is updated as well (this may happen if the token is valid with respect to structure and signature, but expired).

type UnpackFunc

// UnpackFunc parses and deserializes a base64-encoded JWT string into a Token;
// Token.UnmarshalJWT calls it and may receive both a token and an error
// (e.g. structurally valid but expired).
type UnpackFunc func(s string) (*Token, error)

UnpackFunc decodes a token string into a Token.
