Documentation
¶
Overview ¶
Package jwt implements authentication interfaces using JWT.
Index ¶
- func Authenticator(secret []byte) auth.AuthenticatorFunc
- func DecodeOnly(secret []byte) auth.AuthenticatorFunc
- func Encode(c jwt.Claims, secret []byte) (string, error)
- func NewContext(ctx context.Context, claims Claims) context.Context
- func NewJWTCredentialsFromToken(token string) credentials.PerRPCCredentials
- func Parse(t string, s []byte, c jwt.Claims) error
- func ParseFromMetadata(ctx context.Context, secret []byte, c jwt.Claims) error
- func SubjectEquals(ctx context.Context, s string) bool
- func TokenString(ctx context.Context) string
- type Claims
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Authenticator ¶
func Authenticator(secret []byte) auth.AuthenticatorFunc
Authenticator returns an AuthenticatorFunc that validates the provided JWT token in the :authorization header of the metadata.
func DecodeOnly ¶ added in v0.1.7
func DecodeOnly(secret []byte) auth.AuthenticatorFunc
DecodeOnly returns an AuthenticatorFunc that ONLY try to decode JWT token in the authorization header of the metadata and attach the decoded user claims into the context. This authenticator does NOT return error in case the JWT is invalid or there is no authorization header in the metadata.
func NewContext ¶
NewContext creates a new context with the claims attached.
func NewJWTCredentialsFromToken ¶
func NewJWTCredentialsFromToken(token string) credentials.PerRPCCredentials
NewJWTCredentialsFromToken returns a grpc rpc credential using the provided JWT token. Does not validate the Token.
func ParseFromMetadata ¶
ParseFromMetadata fetches the JWT from the authorization metadata or in the grpcgateway-cookie located in the `Context`, validates the JWT and extracts the Claims.
func SubjectEquals ¶
SubjectEquals checks if the JWT subject is equal to the provided subject in `sub`.
func TokenString ¶
TokenString extracts the JWT toke as a string from `ctx`.
Types ¶
type Claims ¶
type Claims struct {
// Auth claims
Audience string `json:"aud,omitempty"`
ExpiresAt int64 `json:"exp,omitempty"`
ID string `json:"jti,omitempty"`
IssuedAt int64 `json:"iat,omitempty"`
Issuer string `json:"iss,omitempty"`
NotBefore int64 `json:"nbf,omitempty"`
Subject string `json:"sub,omitempty"`
// User attributes claims
Name string `json:"name,omitempty"`
GivenName string `json:"given_name,omitempty"`
FamilyName string `json:"family_name,omitempty"`
MiddleName string `json:"middle_name,omitempty"`
Nickname string `json:"nickname,omitempty"`
PreferredUsername string `json:"preferred_username,omitempty"`
Profile string `json:"profile,omitempty"`
Picture string `json:"picture,omitempty"`
Website string `json:"website,omitempty"`
Email string `json:"email,omitempty"`
EmailVerified bool `json:"email_verified,omitempty"`
Gender string `json:"gender,omitempty"`
Birthdate string `json:"birthdate,omitempty"`
Zoneinfo string `json:"zoneinfo,omitempty"`
Locale string `json:"locale,omitempty"`
PhoneNumber string `json:"phone_number,omitempty"`
PhoneNumberVerified bool `json:"phone_number_verified,omitempty"`
Address string `json:"address,omitempty"`
UpdatedAt int64 `json:"updated_at,omitempty"`
// Custom attributes claims.
Scope string `json:"scope,omitempty"`
Admin bool `json:"admin,omitempty"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
Claims represents the claims provided by the JWT.
func FromContext ¶
FromContext fetches the claims attached to the ctx.
func (Claims) ContainScopes ¶
ContainScopes checks if `scopes` are present within the Claim.Scope.
Source Files