Documentation
Index
- Variables
- func Base64Decode(src []byte) []byte
- func Base64Encode(src []byte) []byte
- func ParsePrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error)
- func ParsePublicKeyFromPEM(key []byte) (crypto.PublicKey, error)
- func PrivateKeyType(key crypto.PrivateKey)
- func PublicKeyType(key crypto.PublicKey)
- func RegisterSigningMethod(name string, fn func() SigningMethod)
- type ClaimsSet
- type CustomClaimsSet
- type KeyPair
- type MapClaims
- func (m MapClaims) GetAUD() (string, error)
- func (m MapClaims) GetEXP() (NumericDate, error)
- func (m MapClaims) GetIAT() (NumericDate, error)
- func (m MapClaims) GetISS() (string, error)
- func (m MapClaims) GetJTI() (string, error)
- func (m MapClaims) GetNBF() (NumericDate, error)
- func (m MapClaims) GetSUB() (string, error)
- func (m MapClaims) String() string
- type NumericDate
- type RawToken
- type RegisteredClaims
- func (r *RegisteredClaims) GetAUD() (string, error)
- func (r *RegisteredClaims) GetEXP() (NumericDate, error)
- func (r *RegisteredClaims) GetIAT() (NumericDate, error)
- func (r *RegisteredClaims) GetISS() (string, error)
- func (r *RegisteredClaims) GetJTI() (string, error)
- func (r *RegisteredClaims) GetNBF() (NumericDate, error)
- func (r *RegisteredClaims) GetSUB() (string, error)
- type Section
- type SigningMethod
- type SigningMethodECDSA
- type SigningMethodHMAC
- type SigningMethodRSA
- type SigningMethodRSAPSS
- type Token
- type TokenHeader
- type TokenManager
- type ValidateClaimFunc
- type Validator
Constants
This section is empty.
Variables
var (
	ErrInvalidKeyType   = errors.New("alg: invalid key type")
	ErrSignatureInvalid = errors.New("alg: signature is invalid")
)
SigningMethod errors
var (
	ErrTokenExpired             = errors.New("token expired")
	ErrTokenNotValidYet         = errors.New("token not valid yet")
	ErrTokenUsedBeforeIssued    = errors.New("token used before issued")
	ErrTokenInvalidAudience     = errors.New("token contains invalid audience")
	ErrTokenInvalidIssuer       = errors.New("token contains invalid issuer")
	ErrTokenInvalidSubject      = errors.New("token contains invalid subject")
	ErrTokenInvalidCustomClaims = errors.New("token contains invalid custom claims")
	ErrTokenClaimNotFound       = errors.New("token claim not found")
)
Validator errors
var (
	ErrTokenMalformed        = errors.New("token is malformed")
	ErrTokenUnverifiable     = errors.New("token is unverifiable")
	ErrTokenClaimsInvalid    = errors.New("token claims validation error")
	ErrTokenSignatureInvalid = errors.New("token validation signature invalid")
)
Parser errors
var (
	ErrNoTokenInRequest = errors.New("no token present in request")
	ErrNoCookieFound    = errors.New("no cookie present with specified name in request")
)
var (
	ErrParsingPEMPublicKey  = errors.New("failed to decode PEM block containing public key")
	ErrParsingPEMPrivateKey = errors.New("failed to decode PEM block containing private key")
)
var SkipValidation = errors.New("skip validation for this claim")
SkipValidation can be used as a return value from ValidateClaimFunc to indicate that the claim in the call is to be skipped. It is not returned as an error by any function.
Functions
func Base64Decode
func Base64Encode
func ParsePrivateKeyFromPEM
func ParsePrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error)
ParsePrivateKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 private key
func ParsePublicKeyFromPEM
ParsePublicKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 public key
func PrivateKeyType
func PrivateKeyType(key crypto.PrivateKey)
func PublicKeyType
func RegisterSigningMethod
func RegisterSigningMethod(name string, fn func() SigningMethod)
Types
type ClaimsSet
type ClaimsSet interface {
	// GetISS is the issuer of the JWT.
	GetISS() (string, error)
	// GetSUB is the subject of the JWT.
	GetSUB() (string, error)
	// GetAUD is the audience (the recipient for which the JWT is intended).
	GetAUD() (string, error)
	// GetEXP is the time after which the JWT expires.
	GetEXP() (NumericDate, error)
	// GetNBF is the time before which the JWT must not be accepted for processing.
	GetNBF() (NumericDate, error)
	// GetIAT is the time at which the JWT was issued.
	// It can be used to determine the age of the JWT.
	GetIAT() (NumericDate, error)
	// GetJTI is a unique identifier. It can be used to prevent the JWT
	// from being replayed; it allows a token to be used only once.
	GetJTI() (string, error)
}
ClaimsSet is an interface for a set of claims.
type CustomClaimsSet
CustomClaimsSet is an interface for representing a custom claim, or a set of custom claims. It is intended to be used for building custom claim validation in addition to the integrated ClaimsSet.
type MapClaims
func (MapClaims) GetEXP
func (m MapClaims) GetEXP() (NumericDate, error)
func (MapClaims) GetIAT
func (m MapClaims) GetIAT() (NumericDate, error)
func (MapClaims) GetNBF
func (m MapClaims) GetNBF() (NumericDate, error)
type NumericDate
type NumericDate int64
func NumericDateFromFloat
func NumericDateFromFloat(f float64) NumericDate
func NumericDateFromJsonNumber
func NumericDateFromJsonNumber(n json.Number) NumericDate
func NumericDateNow
func NumericDateNow() NumericDate
func (NumericDate) Add
func (n NumericDate) Add(d time.Duration) NumericDate
func (NumericDate) Time
func (n NumericDate) Time() time.Time
type RawToken
type RawToken []byte
func ExtractTokenFromCookie
func NewToken
func NewToken(alg SigningMethod, claims ClaimsSet, key crypto.PrivateKey) (RawToken, error)
func (RawToken) GetSection
GetSection returns the start and end index for section containing the header, the payload or the signature.
func (RawToken) Header
func (t RawToken) Header() *TokenHeader
func (RawToken) SigningSection
type RegisteredClaims
type RegisteredClaims struct {
	Issuer         string      `json:"iss,omitempty"`
	Subject        string      `json:"sub,omitempty"`
	Audience       string      `json:"aud,omitempty"`
	ExpirationTime NumericDate `json:"exp,omitempty"`
	NotBeforeTime  NumericDate `json:"nbf,omitempty"`
	IssuedAtTime   NumericDate `json:"iat,omitempty"`
	ID             string      `json:"jti,omitempty"`
}
RegisteredClaims is the default set of registered claims. It can be used in addition to custom claims by embedding the registered claims in
func (*RegisteredClaims) GetAUD
func (r *RegisteredClaims) GetAUD() (string, error)
func (*RegisteredClaims) GetEXP
func (r *RegisteredClaims) GetEXP() (NumericDate, error)
func (*RegisteredClaims) GetIAT
func (r *RegisteredClaims) GetIAT() (NumericDate, error)
func (*RegisteredClaims) GetISS
func (r *RegisteredClaims) GetISS() (string, error)
func (*RegisteredClaims) GetJTI
func (r *RegisteredClaims) GetJTI() (string, error)
func (*RegisteredClaims) GetNBF
func (r *RegisteredClaims) GetNBF() (NumericDate, error)
func (*RegisteredClaims) GetSUB
func (r *RegisteredClaims) GetSUB() (string, error)
type SigningMethod
type SigningMethod interface {
	// Name should return the name of the signing method.
	Name() string
	// GenerateKeyPair should generate and return a key pair compliant
	// with the implementing signing method.
	GenerateKeyPair() *KeyPair
	// Sign should take a base64 encoded header and payload and return a
	// valid signature.
	Sign(partialToken []byte, key crypto.PrivateKey) (signature []byte, err error)
	// Verify should take a token and signature and verify the token using the
	// provided signature.
	Verify(partialToken []byte, signature []byte, key crypto.PublicKey) error
}
SigningMethod is an interface for implementing signing and verifying methods
func GetSigningMethod
func GetSigningMethod(name string) SigningMethod
type SigningMethodECDSA
type SigningMethodECDSA struct {
	KeySize   int
	CurveBits int
	// contains filtered or unexported fields
}
SigningMethodECDSA implements the ECDSA family of signing methods. Expects *ecdsa.PrivateKey for signing and *ecdsa.PublicKey for verification
var (
	ES256 *SigningMethodECDSA
	ES384 *SigningMethodECDSA
	ES512 *SigningMethodECDSA
)
func (*SigningMethodECDSA) GenerateKeyPair
func (s *SigningMethodECDSA) GenerateKeyPair() *KeyPair
func (*SigningMethodECDSA) Name
func (s *SigningMethodECDSA) Name() string
func (*SigningMethodECDSA) Sign
func (s *SigningMethodECDSA) Sign(partialToken []byte, key crypto.PrivateKey) ([]byte, error)
type SigningMethodHMAC
type SigningMethodHMAC struct {
// contains filtered or unexported fields
}
SigningMethodHMAC implements the HMAC-SHA family of signing methods. Expects key type of []byte for both signing and validation
var (
	HS256 *SigningMethodHMAC
	HS384 *SigningMethodHMAC
	HS512 *SigningMethodHMAC
)
func (*SigningMethodHMAC) GenerateKeyPair
func (s *SigningMethodHMAC) GenerateKeyPair() *KeyPair
func (*SigningMethodHMAC) Name
func (s *SigningMethodHMAC) Name() string
func (*SigningMethodHMAC) Sign
func (s *SigningMethodHMAC) Sign(partialToken []byte, key crypto.PrivateKey) ([]byte, error)
type SigningMethodRSA
type SigningMethodRSA struct {
// contains filtered or unexported fields
}
SigningMethodRSA implements the RSA family of signing methods. Expects *rsa.PrivateKey for signing and *rsa.PublicKey for validation
var (
	RS256 *SigningMethodRSA
	RS384 *SigningMethodRSA
	RS512 *SigningMethodRSA
)
func (*SigningMethodRSA) GenerateKeyPair
func (s *SigningMethodRSA) GenerateKeyPair() *KeyPair
func (*SigningMethodRSA) Name
func (s *SigningMethodRSA) Name() string
func (*SigningMethodRSA) Sign
func (s *SigningMethodRSA) Sign(partialToken []byte, key crypto.PrivateKey) ([]byte, error)
type SigningMethodRSAPSS
type SigningMethodRSAPSS struct {
// contains filtered or unexported fields
}
SigningMethodRSAPSS implements the RSA-PSS family of signing methods. Expects *rsa.PrivateKey for signing and *rsa.PublicKey for validation
var (
	PS256 *SigningMethodRSAPSS
	PS384 *SigningMethodRSAPSS
	PS512 *SigningMethodRSAPSS
)
func (*SigningMethodRSAPSS) GenerateKeyPair
func (s *SigningMethodRSAPSS) GenerateKeyPair() *KeyPair
func (*SigningMethodRSAPSS) Name
func (s *SigningMethodRSAPSS) Name() string
func (*SigningMethodRSAPSS) Sign
func (s *SigningMethodRSAPSS) Sign(partialToken []byte, key crypto.PrivateKey) ([]byte, error)
type Token
type Token struct {
	RawToken
	Header    TokenHeader
	Payload   MapClaims
	Method    SigningMethod
	Signature []byte
	Valid     bool
}
func ParseRawToken
func ValidateToken
type TokenHeader
type TokenManager
type TokenManager struct {
	Validator
	// contains filtered or unexported fields
}
func NewTokenManager
func NewTokenManager(method SigningMethod, keys *KeyPair) *TokenManager
func (*TokenManager) GenerateToken
func (m *TokenManager) GenerateToken(claims ClaimsSet) (RawToken, error)
func (*TokenManager) ValidateToken
func (m *TokenManager) ValidateToken(raw RawToken) (*Token, error)
func (*TokenManager) ValidateTokenFromRequest
func (m *TokenManager) ValidateTokenFromRequest(r *http.Request) (*Token, error)
type ValidateClaimFunc
ValidateClaimFunc is the type of function called by ValidateClaims in order to validate a claims set. It makes it possible to implement custom claims validation. To skip validation of a claim, return the SkipValidation error from the function.
type Validator
type Validator struct {
	// Margin is an optional time margin that can be applied
	// to account for clock skew
	Margin time.Duration
	// ValidateIAT specifies whether the issued at time claim
	// will be validated.
	ValidateIAT bool
	// ExpectedAUD holds the audience this token expects; if
	// it is left as an empty string, audience validation will
	// be disabled.
	ExpectedAUD string
	// ExpectedISS holds the issuer this token expects; if
	// it is left as an empty string, issuer validation will
	// be disabled.
	ExpectedISS string
	// ExpectedSUB holds the subject this token expects; if
	// it is left as an empty string, subject validation will
	// be disabled.
	ExpectedSUB string
	Method      SigningMethod
}
Validator is the main validation structure for validating claims, etc.
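The Validator field comments, as an added stand-alone example (not this package's code): claims, validator and check are hypothetical stand-ins, the error values mirror the Validator errors listed above, and the way Margin is applied is an assumption. It shows that a zero Margin rejects a token 20 seconds past exp, and that an empty ExpectedAUD accepts a token issued for a different audience.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Error values mirroring the package's Validator errors.
var (
	ErrTokenExpired          = errors.New("token expired")
	ErrTokenUsedBeforeIssued = errors.New("token used before issued")
	ErrTokenInvalidAudience  = errors.New("token contains invalid audience")
)

// claims and validator are hypothetical stand-ins for RegisteredClaims and Validator.
type claims struct {
	Aud      string
	Exp, Iat int64 // seconds since the Unix epoch, like NumericDate
}

type validator struct {
	Margin      time.Duration
	ValidateIAT bool
	ExpectedAUD string
}

// check applies the documented field semantics. How Margin is applied
// (added to exp, subtracted from iat) is an assumption of this example.
func (v validator) check(c claims, now time.Time) error {
	m, t := int64(v.Margin/time.Second), now.Unix()
	switch {
	case c.Exp != 0 && t > c.Exp+m:
		return ErrTokenExpired
	case v.ValidateIAT && c.Iat != 0 && t < c.Iat-m:
		return ErrTokenUsedBeforeIssued // only checked when opted in
	case v.ExpectedAUD != "" && c.Aud != v.ExpectedAUD:
		return ErrTokenInvalidAudience // skipped when ExpectedAUD is empty
	}
	return nil
}

func main() {
	now := time.Unix(1700000000, 0) // constructed clock
	c := claims{Aud: "billing", Exp: now.Unix() - 20}
	fmt.Println(validator{ExpectedAUD: "reports"}.check(c, now))                           // token expired
	fmt.Println(validator{Margin: 30 * time.Second, ExpectedAUD: "reports"}.check(c, now)) // token contains invalid audience
	fmt.Println(validator{Margin: 30 * time.Second}.check(c, now))                         // <nil>
}
```

A service that accepts tokens from an issuer shared with other services should therefore always set the expected audience rather than leave it empty.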