Copyright 2023 Northern.tech AS
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2023 Northern.tech AS
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2023 Northern.tech AS
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2023 Northern.tech AS
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2023 Northern.tech AS
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Variables ¶
// ErrTokenExpired is returned by Handler.FromJWT when the token is otherwise
// valid but its expiry has passed. Compare with errors.Is.
var ErrTokenExpired = errors.New("jwt: token expired")

// ErrTokenInvalid is returned by Handler.FromJWT when the token is invalid
// (malformed, missing required claims, etc.). Compare with errors.Is.
var ErrTokenInvalid = errors.New("jwt: token invalid")
Types ¶
type Claims ¶
// Claims is the set of JWT claims carried by a Token. The json tag of each
// field names the JWT claim, the bson tag names the stored field.
type Claims struct {
	// ID is the unique token UUID ("jti").
	ID oid.ObjectID `json:"jti,omitempty" bson:"_id,omitempty"`
	// Subject holds the UUID associated with the user's account ("sub").
	Subject oid.ObjectID `json:"sub,omitempty" bson:"sub,omitempty"`
	// ExpiresAt is the absolute time when the token expires ("exp").
	// Unlike IssuedAt it is a pointer; presumably nil means "no expiry" —
	// confirm how Claims.Valid() treats it before relying on that.
	ExpiresAt *Time `json:"exp,omitempty" bson:"exp,omitempty"`
	// IssuedAt is the absolute time the token was created ("iat").
	// NOTE(review): encoding/json's omitempty does not apply to struct values,
	// so a zero IssuedAt is still emitted — check what Time.MarshalJSON
	// produces for the zero value.
	IssuedAt Time `json:"iat,omitempty" bson:"iat,omitempty"`
	// Tenant holds the tenant ID claim ("mender.tenant").
	Tenant string `json:"mender.tenant,omitempty" bson:"tenant,omitempty"`
	// User claims that this token is for the management API ("mender.user").
	User bool `json:"mender.user,omitempty" bson:"user,omitempty"`
	// Issuer contains the configured Issuer claim (defaults to "Mender").
	Issuer string `json:"iss,omitempty" bson:"iss,omitempty"`
	// Scope determines the API scope of the token (defaults to "mender.*").
	Scope string `json:"scp,omitempty" bson:"scp,omitempty"`
	// Audience is the "aud" claim. NOTE(review): whether FromJWT/Claims.Valid()
	// compares it against an expected audience is not visible here — confirm
	// before relying on it to reject tokens issued for another service.
	Audience string `json:"aud,omitempty" bson:"aud,omitempty"`
	// NotBefore is the "nbf" claim. NOTE(review): enforcement is not visible
	// on this page — confirm Claims.Valid() rejects tokens presented before
	// it. As with IssuedAt, omitempty has no effect on a struct value, so a
	// zero NotBefore is still emitted.
	NotBefore Time `json:"nbf,omitempty" bson:"nbf,omitempty"`
}
type Handler ¶
// Handler issues JWTs from Tokens and verifies them back into Tokens.
type Handler interface {
	// FromJWT parses a serialized token and performs the basic validity
	// checks (Claims.Valid()). It returns ErrTokenExpired when the token is
	// otherwise valid but expired, and ErrTokenInvalid when the token is
	// invalid (malformed, missing required claims, etc.).
	FromJWT(string) (*Token, error)

	// ToJWT serializes t into its JWT string form.
	ToJWT(t *Token) (string, error)
}
Handler is a JWT generator/verifier.
type JWTHandlerEd25519 ¶
// JWTHandlerEd25519 is an Ed25519-specific JWTHandler. Its fields are
// unexported and not shown on this page; construct it with
// NewJWTHandlerEd25519 rather than as a literal.
type JWTHandlerEd25519 struct {
	// contains filtered or unexported fields
}
JWTHandlerEd25519 is an Ed25519-specific JWTHandler
func NewJWTHandlerEd25519 ¶
// NewJWTHandlerEd25519 returns an Ed25519-specific JWTHandler backed by
// privKey. keyId is presumably recorded as Token.KeyId ("kid") on issued
// tokens so that, after key rotation, older tokens are still verified with
// the key that issued them — confirm against the implementation, which is
// not shown here.
func NewJWTHandlerEd25519(privKey *ed25519.PrivateKey, keyId int) *JWTHandlerEd25519
type JWTHandlerRS256 ¶
// JWTHandlerRS256 is an RS256-specific JWTHandler. Its fields are
// unexported and not shown on this page; construct it with
// NewJWTHandlerRS256 rather than as a literal.
type JWTHandlerRS256 struct {
	// contains filtered or unexported fields
}
JWTHandlerRS256 is an RS256-specific JWTHandler
func NewJWTHandlerRS256 ¶
// NewJWTHandlerRS256 returns an RS256-specific JWTHandler backed by privKey.
// keyId is presumably recorded as Token.KeyId ("kid") on issued tokens so
// that, after key rotation, older tokens are still verified with the key
// that issued them — confirm against the implementation, which is not
// shown here.
func NewJWTHandlerRS256(privKey *rsa.PrivateKey, keyId int) *JWTHandlerRS256
type Time ¶
Time is a simple wrapper of time.Time that marshals/unmarshals JSON to/from UNIX time.
func (Time) MarshalJSON ¶
func (*Time) UnmarshalJSON ¶
type Token ¶
// Token wraps Claims together with the metadata kept alongside a token
// (last use, name and signing-key id). Claims is embedded and inlined in
// bson; because it carries no json tag, encoding/json promotes its fields
// when a Token is JSON-encoded.
type Token struct {
	Claims `bson:"inline"`
	// LastUsed is the token last usage timestamp.
	LastUsed *time.Time `json:"last_used,omitempty" bson:"last_used,omitempty"`
	// TokenName holds the name of the token.
	TokenName *string `json:"name,omitempty" bson:"name,omitempty"`
	// KeyId corresponds to "kid" in the JWT Header and identifies the key
	// that was used to sign the token. It allows private key rotation: as
	// long as the old private keys are kept, the newest one (the highest id)
	// issues new tokens while old tokens are verified with the keys used to
	// issue them.
	// NOTE(review): with omitempty a KeyId of 0 is not serialized — confirm
	// the verifier treats a missing key id and key id 0 the same way.
	KeyId int `json:"key_id,omitempty" bson:"key_id,omitempty"`
}
Token is a JWT token wrapper.
func (*Token) MarshalJWT ¶
MarshalJWT marshals Token into a JWT-compatible format. `sign` provides the means for generating a signed JWT token.
func (*Token) UnmarshalJWT ¶
// UnmarshalJWT fills t from raw using unpack, which does the actual parsing
// and base64 decoding of the JWT. It returns the error from unpack; however,
// if unpack returns a token, t is updated even when an error is also
// returned (this can happen when the token is well-formed and correctly
// signed but expired). Callers must therefore check the error before
// treating the contents of t as a valid token.
func (t *Token) UnmarshalJWT(raw []byte, unpack UnpackFunc) error
UnmarshalJWT unmarshals raw JWT data into Token. UnpackFunc does the actual heavy lifting of parsing and deserializing the base64-encoded JWT. It returns an error if `unpack` fails; however, if `unpack` returns a token, `t` is updated as well (this may happen when the token is valid with respect to structure and signature, but expired).