Documentation ¶
Index ¶
- Constants
- Variables
- func DecodeBase64(message string) ([]byte, error)
- func DecryptRS256(encodedCipher string, label []byte, privateKey rsa.PrivateKey) (string, error)
- func DecryptRS384(encodedCipher string, label []byte, privateKey rsa.PrivateKey) (string, error)
- func DecryptRS512(encodedCipher string, label []byte, privateKey rsa.PrivateKey) (string, error)
- func EncodeBase64(message string) string
- func EncryptRS256(message string, label []byte, publicKey rsa.PublicKey) (string, error)
- func EncryptRS384(message string, label []byte, publicKey rsa.PublicKey) (string, error)
- func EncryptRS512(message string, label []byte, publicKey rsa.PublicKey) (string, error)
- func SignHS256(message, secret string) (string, error)
- func SignHS384(message, secret string) (string, error)
- func SignHS512(message, secret string) (string, error)
- type AlgorithmMap
- type Builder
- func (this *Builder) Audience(aud string) *Builder
- func (this *Builder) Custom(key string, value interface{}) *Builder
- func (this *Builder) ExpirationTime(exp time.Time) *Builder
- func (this *Builder) ExpiresIn(duration time.Duration) *Builder
- func (this *Builder) IssuedAt(iat time.Time) *Builder
- func (this *Builder) IssuedNow() *Builder
- func (this *Builder) Issuer(iss string) *Builder
- func (this *Builder) JWTID(jti string) *Builder
- func (this *Builder) NotBefore(nbf time.Time) *Builder
- func (this *Builder) Sign(secret string) (string, error)
- func (this *Builder) SignWithKey(label string, key rsa.PublicKey) (string, error)
- func (this *Builder) Subject(sub string) *Builder
- type DecryptionAlgorithmMap
- type EncryptionAlgorithmMap
- type Header
- type JWT
- func (this *JWT) Data() (data string, err error)
- func (this *JWT) GoString() (token string)
- func (this *JWT) IsEmpty() (empty bool)
- func (this *JWT) IsExpired() (expired bool)
- func (this *JWT) IsSigned() (signed bool)
- func (this *JWT) Parse() (token string, err error)
- func (this *JWT) Sign(secret string) (err error)
- func (this *JWT) SignParse(secret string) (token string, err error)
- func (this *JWT) SignParseWithKey(label string, key rsa.PublicKey) (token string, err error)
- func (this *JWT) SignWithKey(label string, key rsa.PublicKey) (err error)
- func (this *JWT) String() (token string)
- func (this *JWT) Validate(secret string) (err error)
- func (this *JWT) ValidateWithKey(label string, key rsa.PrivateKey) (err error)
- type Map
- type Payload
- type Time
Constants ¶
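// Algorithm identifiers used as the "alg" value of a JWT header.
const (
	// AlgHS256 indicates that the JWT uses the HS256 algorithm for signing the signature.
	AlgHS256 = "HS256"
	// AlgHS384 indicates that the JWT uses the HS384 algorithm for signing the signature.
	AlgHS384 = "HS384"
	// AlgHS512 indicates that the JWT uses the HS512 algorithm for signing the signature.
	AlgHS512 = "HS512"

	// AlgRS256 indicates that the JWT uses this package's RS256 routines
	// (EncryptRS256 / DecryptRS256) for creating and checking the signature.
	//
	// NOTE(review): those routines take an rsa.PublicKey to create the value and
	// an rsa.PrivateKey to check it. RS256 as defined for JWS is
	// RSASSA-PKCS1-v1_5 with SHA-256, created with the private key, so tokens
	// produced here should not be assumed to interoperate with other JWT
	// libraries. The same applies to AlgRS384 and AlgRS512.
	AlgRS256 = "RS256"
	// AlgRS384 indicates that the JWT uses this package's RS384 routines
	// (EncryptRS384 / DecryptRS384) for creating and checking the signature.
	AlgRS384 = "RS384"
	// AlgRS512 indicates that the JWT uses this package's RS512 routines
	// (EncryptRS512 / DecryptRS512) for creating and checking the signature.
	AlgRS512 = "RS512"
)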
// TypJWT is the token type identifier for JWT tokens, the value expected in
// the "typ" header field.
const TypJWT = "JWT"
Variables ¶
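// Sentinel errors returned by the signing, validating and loading functions.
// They are created with errors.New, so callers can match them with errors.Is.
var (
	// ErrAlgNotImp indicates that the algorithm in the JWT header is not implemented for the signing/validating method.
	// Sign and SignWithKey are documented as also returning it when the header
	// names an algorithm of the other family (asymmetric for Sign, symmetric
	// for SignWithKey).
	ErrAlgNotImp = errors.New("SIGNATURE ALGORITHM NOT IMPLEMENTED FOR METHOD")
	// ErrTokNotSig indicates that the JWT has not been signed yet, and therefore can't be validated.
	ErrTokNotSig = errors.New("TOKEN NOT SIGNED / MISSING SIGNATURE")
	// ErrInvSecKey indicates that the JWT has failed a validation, because of an invalid secret key.
	// ValidateWithKey is documented as returning it when the key and/or label
	// does not correspond to the signature.
	ErrInvSecKey = errors.New("INVALID SECRET")
	// ErrBadJWTTok indicates that a given string is not a valid JWT token.
	ErrBadJWTTok = errors.New("NOT A JWT / BAD JWT")
	// ErrInvTokPrd indicates that a given JWT has failed a validation.
	// This happens when either the nbf (NotBefore) or the exp (ExpirationTime)
	// claim holds an invalid date.
	ErrInvTokPrd = errors.New("TOKEN VALIDITY PERIOD EXPIRED OR NOT STARTED")
	// ErrPayFieldVal indicates that a given payload has failed field format validation.
	ErrPayFieldVal = errors.New("ONE OR MORE FIELDS PRODUCE A VALIDATION ERROR")
)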
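var (
	// DefaultHeader is the default header for JWT tokens using the HS256 algorithm.
	// It is a package-level variable, so assigning to it changes the default
	// seen by every later reader in the same process.
	DefaultHeader = Header{
		Algorithm: AlgHS256,
		Type:      TypJWT,
	}

	// DefaultFieldLength is the default maximum length of payload fields.
	// NOTE(review): the trailing TODO comes from the original declaration; where
	// this limit is enforced is not visible here. Confirm before relying on
	// it to bound claim sizes.
	DefaultFieldLength = 255 // TODO
)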
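// Lookup tables keyed by the algorithm identifier constants (the "alg" header
// values). None of the three tables has an entry for any identifier other than
// the HS* and RS* constants listed below.
//
// NOTE(review): these are package-level variables. If the map types are
// ordinary Go maps (their definitions are not shown here), any code in the
// process can add or replace entries and thereby change which algorithms are
// accepted. Treat them as read-only after start-up.
var (
	// Algorithms lists the functions used for the HS256, HS384 and HS512
	// identifiers, which sign with a secret string.
	Algorithms = AlgorithmMap{
		AlgHS256: SignHS256,
		AlgHS384: SignHS384,
		AlgHS512: SignHS512,
	}

	// EncryptionAlgorithms lists the functions used to create the signature
	// value for the RS256, RS384 and RS512 identifiers. Each takes an
	// rsa.PublicKey.
	EncryptionAlgorithms = EncryptionAlgorithmMap{
		AlgRS256: EncryptRS256,
		AlgRS384: EncryptRS384,
		AlgRS512: EncryptRS512,
	}

	// DecryptionAlgorithms lists the functions used to check the signature
	// value for the RS256, RS384 and RS512 identifiers. Each takes an
	// rsa.PrivateKey.
	DecryptionAlgorithms = DecryptionAlgorithmMap{
		AlgRS256: DecryptRS256,
		AlgRS384: DecryptRS384,
		AlgRS512: DecryptRS512,
	}
)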
Functions ¶
func DecodeBase64 ¶
DecodeBase64 decodes a string with the base64 algorithm.
func DecryptRS256 ¶ added in v1.1.0
DecryptRS256 decrypts a base64 rawUrlEncoded cipher string with a secret string and an RSA private key using the RS256 algorithm.
func DecryptRS384 ¶ added in v1.1.0
DecryptRS384 decrypts a base64 rawUrlEncoded cipher string with a secret string and an RSA private key using the RS384 algorithm.
func DecryptRS512 ¶ added in v1.1.0
DecryptRS512 decrypts a base64 rawUrlEncoded cipher string with a secret string and an RSA private key using the RS512 algorithm.
func EncodeBase64 ¶
EncodeBase64 encodes a string with the base64 algorithm.
func EncryptRS256 ¶ added in v1.1.0
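EncryptRS256 signs a message string with a secret string (the label argument) and an RSA public key using the RS256 algorithm, with additional base64 rawURLEncoding of the resulting cipher. The operation is performed with the public key, so, as the function name and the word "cipher" suggest, the output is not a private-key signature.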
func EncryptRS384 ¶ added in v1.1.0
EncryptRS384 signs a message string with a secret string and an RSA public key using the RS384 algorithm with additional base64 rawURLEncoding of the result cipher.
func EncryptRS512 ¶ added in v1.1.0
EncryptRS512 signs a message string with a secret string and an RSA public key using the RS512 algorithm with additional base64 rawURLEncoding of the result cipher.
func SignHS256 ¶
SignHS256 signs a message string with a secret string using the HS256 algorithm with additional base64 rawURLEncoding of the result hash.
Types ¶
type AlgorithmMap ¶ added in v1.3.0
type Builder ¶ added in v1.2.0
// Builder aims to wrap a JWT value to provide setters and chaining options for properties.
type Builder struct {
// JWT is embedded by value. Builder declares its own Sign and SignWithKey
// (both return the token string), which take precedence over the embedded
// JWT methods of the same name.
JWT
}
Builder aims to wrap a JWT value to provide setters and chaining options for properties.
func WithBuilder ¶ added in v1.2.0
func WithBuilder() *Builder
WithBuilder creates a new Builder with an empty JWT token.
func (*Builder) ExpirationTime ¶ added in v1.2.0
ExpirationTime sets the expiration time property of the JWT.
func (*Builder) ExpiresIn ¶ added in v1.2.0
ExpiresIn sets the expiration time property of the JWT to the current time and adds a specified time.Duration value to it.
func (*Builder) IssuedNow ¶ added in v1.2.0
IssuedNow sets the issued at property of the JWT to the current timestamp.
func (*Builder) Sign ¶ added in v1.2.0
Sign signs the JWT with a given secret and returns the signed JWT as a string or a possible error.
func (*Builder) SignWithKey ¶ added in v1.2.0
SignWithKey signs the JWT with a given label and rsa.PublicKey and returns the signed JWT as a string or a possible error.
type DecryptionAlgorithmMap ¶ added in v1.3.0
type EncryptionAlgorithmMap ¶ added in v1.3.0
type Header ¶
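// Header is the header section of the JWT token.
type Header struct {
	// Algorithm is a string containing the identification of the algorithm used for signing a JWT.
	// NOTE(review): when a token is built from a received string, this value
	// comes from the token itself. Callers that expect one specific algorithm
	// should compare this field with it.
	Algorithm string `json:"alg"`
	// ContentType indicates the content type of the token, not required.
	ContentType string `json:"cty,omitempty"`
	// Type indicates the type of the token, must be "JWT" for JWT tokens.
	Type string `json:"typ"`
}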
Header is the header section of the JWT token.
type JWT ¶
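// JWT is a struct holding the values of a JWT.
type JWT struct {
	// Header is the JWT header field.
	Header Header
	// Payload is the JWT payload field.
	Payload Payload
	// Signature is a string holding the value computed over the JWT Header and
	// the JWT Payload with the algorithm named in the JWT Header.
	// Signature = Header.Algorithm(Header.Json() + "." + Payload.Json(), SECRET)
	//
	// For the HS* algorithms the signing functions are documented as returning
	// a base64 rawURL-encoded hash, and for the RS* algorithms a base64
	// rawURL-encoded cipher.
	Signature string
}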
JWT is a struct holding the values of a JWT.
func LoadJWT ¶ added in v1.2.0
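LoadJWT creates a JWT object from a JWT string. It returns an empty JWT and ErrBadJWTTok if the string is not a valid JWT, or the JWT if everything was successful. This description does not mention a signature check, so call Validate or ValidateWithKey on the result before trusting its claims.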
func (*JWT) Data ¶
Data formats the Header and Payload fields of a JWT into a string. Result = Base64Encode(Header.Json()) + "." + Base64Encode(Payload.Json())
func (*JWT) GoString ¶ added in v1.2.0
GoString is the implementation for the GoStringer interface and an alias for String
func (*JWT) IsExpired ¶ added in v1.2.0
IsExpired returns a bool, whether the token has already expired or is not valid yet.
func (*JWT) IsSigned ¶ added in v1.2.0
IsSigned returns a bool, whether the token has been signed already or not.
func (*JWT) Parse ¶ added in v1.2.0
Parse formats the JWT into a JWT string and returns the result. It requires the token to be signed and the payload and header to be parsed successfully, otherwise it returns ErrTokNotSig. Result = Base64Encode(Header.Json()) + "." + Base64Encode(Payload.Json()) + "." + Signature
func (*JWT) Sign ¶
Sign signs a JWT using a symmetric algorithm and creates the Signature, saved in the JWT. This method overwrites the Signature field in the JWT if it exists. Returns ErrAlgNotImp if the algorithm in the Header is not implemented yet or is an asymmetric algorithm, or returns ErrInvTokPrd if the token period has expired before signing.
func (*JWT) SignParse ¶ added in v1.3.0
SignParse performs the Sign and Parse operations in one single step.
func (*JWT) SignParseWithKey ¶ added in v1.3.0
SignParseWithKey performs the SignWithKey and Parse operations in one single step.
func (*JWT) SignWithKey ¶ added in v1.1.0
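SignWithKey signs a JWT using an asymmetric algorithm and creates the Signature, saved in the JWT. This method overwrites the Signature field in the JWT if it exists. Returns ErrAlgNotImp if the algorithm in the Header is not implemented yet or is a symmetric algorithm, or returns ErrInvTokPrd if the token period has expired before signing. Because the key argument is an rsa.PublicKey, any party that holds that public key and the label can, as far as the signatures shown here indicate, create a Signature in the same way. Keep both restricted to the parties allowed to issue tokens.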
func (*JWT) String ¶
String formats the JWT into a JWT string and ignores any errors that occur. To parse tokens in production environments, it is recommended to use the Parse method, which reports them.
func (*JWT) Validate ¶
Validate validates a JWT based on a given secret string using a symmetric algorithm. Returns ErrAlgNotImp if the algorithm in the Header is not implemented yet, ErrTokNotSig if the token has not been signed yet, ErrInvTokPrd if the token period has expired and ErrInvSecKey if the entered secret string does not correspond to the signature. Returns nil if the JWT is validated with the entered secret. The algorithm is taken from the token's own Header, so for tokens received from outside, also check Header.Algorithm against the algorithm you expect.
func (*JWT) ValidateWithKey ¶ added in v1.1.0
func (this *JWT) ValidateWithKey(label string, key rsa.PrivateKey) (err error)
ValidateWithKey validates a JWT based on a given label and RSA private key using an asymmetric algorithm. Returns ErrAlgNotImp if the algorithm in the Header is not implemented yet, ErrTokNotSig if the token has not been signed yet, ErrInvTokPrd if the token period has expired and ErrInvSecKey if the entered key and/or label does not correspond to the signature. Returns nil if the JWT is validated with the entered key. Validation takes the rsa.PrivateKey, so every service that checks tokens must hold the private key and should protect it accordingly.
type Payload ¶
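// Payload is the payload section of the JWT token.
type Payload struct {
	// Issuer is the issuer claim in the JWT token.
	Issuer string `json:"iss,omitempty"`
	// Subject is the subject claim in the JWT token.
	Subject string `json:"sub,omitempty"`
	// Audience is the audience claim in the JWT token.
	Audience string `json:"aud,omitempty"`
	// ExpirationTime is the expiration time claim in the JWT token.
	// NOTE(review): the field is a pointer with omitempty, so a nil value means
	// the claim is absent. How IsExpired and Validate treat a token without
	// this claim is not visible here. Confirm before relying on expiry.
	ExpirationTime *Time `json:"exp,omitempty"`
	// NotBefore is the not before claim in the JWT token.
	NotBefore *Time `json:"nbf,omitempty"`
	// IssuedAt is the issued at claim in the JWT token.
	IssuedAt *Time `json:"iat,omitempty"`
	// JWTID is the JWT id claim in the JWT token.
	JWTID string `json:"jti,omitempty"`
	// Custom is a map containing custom keys and claims for the JWT token.
	// The `json:"-"` tag excludes it from encoding/json's default struct
	// encoding. How the custom claims are written into the token is not shown
	// here.
	Custom Map `json:"-"`
}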
Payload is the payload section of the JWT token.
type Time ¶ added in v1.2.0
Time is a struct wrapping a time.Time value from the standard library. It implements the json.Marshaler and json.Unmarshaler interfaces, and the encoding.TextMarshaler and encoding.TextUnmarshaler interfaces, to override the marshalling and create UNIX timestamps as specified in the JWT standard.
func (*Time) MarshalJSON ¶ added in v1.2.0
MarshalJSON is the implementation of the json.Marshaler interface. It formats the Time value as a UNIX timestamp.
func (*Time) MarshalText ¶ added in v1.2.0
MarshalText is the implementation of the encoding.TextMarshaler interface. It formats the Time value as a UNIX timestamp.
func (*Time) UnmarshalJSON ¶ added in v1.2.0
UnmarshalJSON is the implementation of the json.Unmarshaler interface. It parses an UNIX-Timestamp into a Time value.
func (*Time) UnmarshalText ¶ added in v1.2.0
UnmarshalText is the implementation of the encoding.TextUnmarshaler interface. It parses an UNIX-Timestamp into a Time value.