gorest: github.com/tideland/gorest/jwt

package jwt

import "github.com/tideland/gorest/jwt"

Package jwt of Tideland GoREST provides generation, verification, and analysis of JSON Web Tokens.

Package Files

algorithm.go cache.go claims.go doc.go errors.go header.go jwt.go key.go

Constants

const (
    ErrCannotEncode = iota + 1
    ErrCannotDecode
    ErrCannotSign
    ErrCannotVerify
    ErrNoKey
    ErrJSONMarshalling
    ErrJSONUnmarshalling
    ErrInvalidTokenPart
    ErrInvalidCombination
    ErrInvalidAlgorithm
    ErrInvalidKeyType
    ErrInvalidSignature
    ErrCannotReadPEM
    ErrCannotDecodePEM
    ErrCannotParseECDSA
    ErrNoECDSAKey
    ErrCannotParseRSA
    ErrNoRSAKey
    ErrNoAuthorizationHeader
    ErrInvalidAuthorizationHeader
)

Error codes of the JWT package.

func AddToRequest

func AddToRequest(req *http.Request, jwt JWT) *http.Request

AddToRequest adds a token as header to a request for usage by a client.

func AddTokenToRequest

func AddTokenToRequest(req *http.Request, jwt JWT) *http.Request

AddTokenToRequest adds a token as header to a request for usage by a client.

DEPRECATED: Use AddToRequest() instead.

func NewContext

func NewContext(ctx context.Context, token JWT) context.Context

NewContext returns a new context that carries a token.

type Algorithm

type Algorithm string

Algorithm describes the algorithm used to sign a token.

const (
    ES256 Algorithm = "ES256"
    ES384 Algorithm = "ES384"
    ES512 Algorithm = "ES512"
    HS256 Algorithm = "HS256"
    HS384 Algorithm = "HS384"
    HS512 Algorithm = "HS512"
    PS256 Algorithm = "PS256"
    PS384 Algorithm = "PS384"
    PS512 Algorithm = "PS512"
    RS256 Algorithm = "RS256"
    RS384 Algorithm = "RS384"
    RS512 Algorithm = "RS512"
    NONE  Algorithm = "none"
)

Definition of the supported algorithms.

func (Algorithm) Sign

func (a Algorithm) Sign(data []byte, key Key) (Signature, error)

Sign creates the signature for the data based on the algorithm and the key.

func (Algorithm) Verify

func (a Algorithm) Verify(data []byte, sig Signature, key Key) error

Verify checks if the signature is correct for the data when using the passed key.

type Cache

type Cache interface {
    // Get tries to retrieve a token from the cache.
    Get(token string) (JWT, bool)

    // Put adds a token to the cache.
    Put(jwt JWT) int

    // Cleanup manually tells the cache to cleanup.
    Cleanup()

    // Stop tells the cache to end working.
    Stop() error
}

Cache provides caching for tokens so that they don't have to be decoded or verified multiple times.

func NewCache

func NewCache(ttl, leeway, interval time.Duration, maxEntries int) Cache

NewCache creates a new JWT cache. The ttl value controls how long a cached token may remain unused before it is cleaned up. The leeway is used for the time validation of the token itself. The interval controls how often the background cleanup runs. The final configuration parameter is the maximum number of entries inside the cache. If the entries grow too fast, the ttl is temporarily reduced for cleanup.

type Claims

type Claims map[string]interface{}

Claims contains the claims of a token payload. The type also provides getters and setters for the reserved claims.

func NewClaims

func NewClaims() Claims

NewClaims returns an empty set of claims.

func (Claims) Audience

func (c Claims) Audience() ([]string, bool)

Audience retrieves the reserved "aud" claim.

func (Claims) Contains

func (c Claims) Contains(key string) bool

Contains checks if the claims contain a given key.

func (Claims) Delete

func (c Claims) Delete(key string) interface{}

Delete deletes a value from the claims. It returns a potential old value.

func (Claims) DeleteAudience

func (c Claims) DeleteAudience() []string

DeleteAudience deletes the reserved "aud" claim. It returns a potential old value.

func (Claims) DeleteExpiration

func (c Claims) DeleteExpiration() time.Time

DeleteExpiration deletes the reserved "exp" claim. It returns a potential old value.

func (Claims) DeleteIdentifier

func (c Claims) DeleteIdentifier() string

DeleteIdentifier deletes the reserved "jti" claim. It returns a potential old value.

func (Claims) DeleteIssuedAt

func (c Claims) DeleteIssuedAt() time.Time

DeleteIssuedAt deletes the reserved "iat" claim. It returns a potential old value.

func (Claims) DeleteIssuer

func (c Claims) DeleteIssuer() string

DeleteIssuer deletes the reserved "iss" claim. It returns a potential old value.

func (Claims) DeleteNotBefore

func (c Claims) DeleteNotBefore() time.Time

DeleteNotBefore deletes the reserved "nbf" claim. It returns a potential old value.

func (Claims) DeleteSubject

func (c Claims) DeleteSubject() string

DeleteSubject deletes the reserved "sub" claim. It returns a potential old value.

func (Claims) Expiration

func (c Claims) Expiration() (time.Time, bool)

Expiration retrieves the reserved "exp" claim.

func (Claims) Get

func (c Claims) Get(key string) (interface{}, bool)

Get retrieves a value from the claims.

func (Claims) GetBool

func (c Claims) GetBool(key string) (bool, bool)

GetBool retrieves a bool value. It also accepts the strings "1", "t", "T", "TRUE", "true", "True", "0", "f", "F", "FALSE", "false", and "False".

func (Claims) GetFloat64

func (c Claims) GetFloat64(key string) (float64, bool)

GetFloat64 retrieves a float value.

func (Claims) GetInt

func (c Claims) GetInt(key string) (int, bool)

GetInt retrieves an integer value.

func (Claims) GetMarshalled

func (c Claims) GetMarshalled(key string, v interface{}) (bool, error)

GetMarshalled unmarshalls the JSON value of the key and stores it in the value pointed to by v.

func (Claims) GetString

func (c Claims) GetString(key string) (string, bool)

GetString retrieves a string value. If the value is not a string, it is converted into one.

func (Claims) GetTime

func (c Claims) GetTime(key string) (time.Time, bool)

GetTime retrieves a time value. Int, int32, int64, and float64 are valid types for the conversion. A string is interpreted as an RFC 3339 formatted time.

func (Claims) Identifier

func (c Claims) Identifier() (string, bool)

Identifier retrieves the reserved "jti" claim.

func (Claims) IsAlreadyValid

func (c Claims) IsAlreadyValid(leeway time.Duration) bool

IsAlreadyValid checks if the claim "nbf" is after the current time. The leeway is subtracted from the "nbf" time to account for clock skew.

func (Claims) IsStillValid

func (c Claims) IsStillValid(leeway time.Duration) bool

IsStillValid checks if the claim "exp" is before the current time. The leeway is added to the "exp" time to account for clock skew.

func (Claims) IsValid

func (c Claims) IsValid(leeway time.Duration) bool

IsValid is a combination of IsAlreadyValid() and IsStillValid().
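The leeway handling described for IsAlreadyValid() and IsStillValid() can be tried with a pinned clock in the following added example, which is not code from the package and uses only the standard library. The names claimTime and validAt are hypothetical, and treating an absent claim as "no restriction" is an assumption of this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// claimTime reads a NumericDate claim (seconds since the epoch) from decoded
// JSON claims. encoding/json decodes every JSON number into float64.
func claimTime(claims map[string]interface{}, key string) (time.Time, bool) {
	secs, ok := claims[key].(float64)
	if !ok {
		return time.Time{}, false
	}
	return time.Unix(int64(secs), 0), true
}

// validAt reports whether the claims are inside their validity window at
// "now". The leeway is subtracted from "nbf" and added to "exp" to absorb
// clock skew. Assumption of this sketch: an absent claim places no
// restriction on the token.
func validAt(payload []byte, now time.Time, leeway time.Duration) (bool, error) {
	var claims map[string]interface{}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return false, err
	}
	if nbf, ok := claimTime(claims, "nbf"); ok && now.Before(nbf.Add(-leeway)) {
		return false, nil // not yet valid, even allowing for skew
	}
	if exp, ok := claimTime(claims, "exp"); ok && !now.Before(exp.Add(leeway)) {
		return false, nil // expired, even allowing for skew
	}
	return true, nil
}

func main() {
	// Constructed payload: valid from 1000 to 2000 seconds after the epoch.
	payload := []byte(`{"sub":"demo","nbf":1000,"exp":2000}`)
	for _, secs := range []int64{950, 1500, 2030, 2090} {
		ok, _ := validAt(payload, time.Unix(secs, 0), time.Minute)
		fmt.Printf("t=%d leeway=1m valid=%v\n", secs, ok)
	}
}
```

Every second of leeway extends the period in which an expired token is still accepted, so keep it as small as the real clock skew between issuer and verifier allows.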

func (Claims) IssuedAt

func (c Claims) IssuedAt() (time.Time, bool)

IssuedAt retrieves the reserved "iat" claim.

func (Claims) Issuer

func (c Claims) Issuer() (string, bool)

Issuer retrieves the reserved "iss" claim.

func (Claims) Len

func (c Claims) Len() int

Len returns the number of entries in the claims.

func (Claims) MarshalJSON

func (c Claims) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface even for nil or empty claims.

func (Claims) NotBefore

func (c Claims) NotBefore() (time.Time, bool)

NotBefore retrieves the reserved "nbf" claim.

func (Claims) Set

func (c Claims) Set(key string, value interface{}) interface{}

Set sets a value in the claims. It returns a potential old value.

func (Claims) SetAudience

func (c Claims) SetAudience(auds ...string) []string

SetAudience sets the reserved "aud" claim. It returns a potential old value.

func (Claims) SetExpiration

func (c Claims) SetExpiration(t time.Time) time.Time

SetExpiration sets the reserved "exp" claim. It returns a potential old value.

func (Claims) SetIdentifier

func (c Claims) SetIdentifier(id string) string

SetIdentifier sets the reserved "jti" claim. It returns a potential old value.

func (Claims) SetIssuedAt

func (c Claims) SetIssuedAt(t time.Time) time.Time

SetIssuedAt sets the reserved "iat" claim. It returns a potential old value.

func (Claims) SetIssuer

func (c Claims) SetIssuer(issuer string) string

SetIssuer sets the reserved "iss" claim. It returns a potential old value.

func (Claims) SetNotBefore

func (c Claims) SetNotBefore(t time.Time) time.Time

SetNotBefore sets the reserved "nbf" claim. It returns a potential old value.

func (Claims) SetSubject

func (c Claims) SetSubject(subject string) string

SetSubject sets the reserved "sub" claim. It returns a potential old value.

func (Claims) SetTime

func (c Claims) SetTime(key string, t time.Time) time.Time

SetTime sets a time value in the claims. It returns a potential old value.

func (Claims) Subject

func (c Claims) Subject() (string, bool)

Subject retrieves the reserved "sub" claim.

func (*Claims) UnmarshalJSON

func (c *Claims) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type JWT

type JWT interface {
    // Stringer provides the String() method.
    fmt.Stringer

    // Claims returns the claims payload of the token.
    Claims() Claims

    // Key returns the key of the token only when
    // it is a result of encoding or verification.
    Key() (Key, error)

    // Algorithm returns the algorithm of the token
    // after encoding, decoding, or verification.
    Algorithm() Algorithm

    // IsValid is a convenience method checking the
    // registered claims if the token is valid.
    IsValid(leeway time.Duration) bool
}

JWT describes the interface to access the parts of a JSON Web Token.

func Decode

func Decode(token string) (JWT, error)

Decode creates a token out of a string without verification.

func DecodeCachedFromJob

func DecodeCachedFromJob(job rest.Job, cache Cache) (JWT, error)

DecodeCachedFromJob retrieves a possible JWT from the request inside a REST job and checks if it is already cached. The JWT is only decoded. If no error occurs, the token is added to the cache.

func DecodeFromJob

func DecodeFromJob(job rest.Job) (JWT, error)

DecodeFromJob retrieves a possible JWT from the request inside a REST job. The JWT is only decoded.

func DecodeFromRequest

func DecodeFromRequest(req *http.Request) (JWT, error)

DecodeFromRequest tries to retrieve a token from a request header.

func Encode

func Encode(claims Claims, key Key, algorithm Algorithm) (JWT, error)

Encode creates a JSON Web Token for the given claims based on key and algorithm.

func FromContext

func FromContext(ctx context.Context) (JWT, bool)

FromContext returns the token stored in ctx, if any.

func Verify

func Verify(token string, key Key) (JWT, error)

Verify creates a token out of a string and verifies it against the passed key.
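Why claims obtained from Decode() must not drive authorization decisions while claims from Verify() can: the added example below, which is not code from the package, rebuilds both paths for HS256 with the standard library only. The names sign, issue, decodeOnly and verify are hypothetical, and the key and payloads are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// sign appends the base64url HMAC-SHA256 of input: header.payload -> token.
func sign(input string, key []byte) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(input))
	return input + "." + b64.EncodeToString(h.Sum(nil))
}

// issue builds an HS256 token for a JSON payload.
func issue(payload string, key []byte) string {
	return sign(b64.EncodeToString([]byte(`{"alg":"HS256"}`))+"."+b64.EncodeToString([]byte(payload)), key)
}

// decodeOnly returns the payload with no signature check: unauthenticated input.
func decodeOnly(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("token has %d parts, want 3", len(parts))
	}
	payload, err := b64.DecodeString(parts[1])
	return string(payload), err
}

// verify re-signs header.payload with the verifier's own key and algorithm (the
// header's "alg" is never consulted) and compares tokens in constant time.
func verify(token string, key []byte) (string, error) {
	i := strings.LastIndex(token, ".")
	if i < 0 || !hmac.Equal([]byte(token), []byte(sign(token[:i], key))) {
		return "", fmt.Errorf("invalid signature")
	}
	return decodeOnly(token)
}

func main() {
	key := []byte("constructed-demo-key")
	p := strings.Split(issue(`{"sub":"alice"}`, key), ".")
	altered := p[0] + "." + b64.EncodeToString([]byte(`{"sub":"bob"}`)) + "." + p[2]
	fmt.Println(decodeOnly(altered))  // payload is returned, error is nil
	fmt.Println(verify(altered, key)) // rejected: signature does not match
}
```

The same reasoning applies to the cached and job-based variants: only the Verify* functions authenticate the token, and a verifier should decide which algorithm it accepts instead of taking it from the token header.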

func VerifyCachedFromJob

func VerifyCachedFromJob(job rest.Job, cache Cache, key Key) (JWT, error)

VerifyCachedFromJob retrieves a possible JWT from the request inside a REST job and checks if it is already cached. The JWT is verified. If no error occurs, the token is added to the cache.

func VerifyFromJob

func VerifyFromJob(job rest.Job, key Key) (JWT, error)

VerifyFromJob retrieves a possible JWT from the request inside a REST job. The JWT is verified.

type Key

type Key interface{}

Key is the key used to sign a token. The real implementation controls signing and verification.

func ReadECPrivateKey

func ReadECPrivateKey(r io.Reader) (Key, error)

ReadECPrivateKey reads a PEM formatted ECDSA private key from the passed reader.

func ReadECPublicKey

func ReadECPublicKey(r io.Reader) (Key, error)

ReadECPublicKey reads a PEM encoded ECDSA public key from the passed reader.

func ReadRSAPrivateKey

func ReadRSAPrivateKey(r io.Reader) (Key, error)

ReadRSAPrivateKey reads a PEM encoded PKCS1 or PKCS8 private key from the passed reader.

func ReadRSAPublicKey

func ReadRSAPublicKey(r io.Reader) (Key, error)

ReadRSAPublicKey reads a PEM encoded PKCS1 or PKCS8 public key from the passed reader.

type Signature

type Signature []byte

Signature is the resulting signature when signing a token.

Package jwt imports 25 packages and is imported by 2 packages. Updated 2019-10-08.