Documentation ¶
Overview ¶
Package jwt implements JWTs per RFC 7519
Index ¶
- Variables
- func ValidAudience(a, b interface{}) bool
- type Claims
- func (c Claims) Audience() ([]string, bool)
- func (c Claims) Base64() ([]byte, error)
- func (c Claims) Del(key string)
- func (c Claims) Expiration() (time.Time, bool)
- func (c Claims) Get(key string) interface{}
- func (c Claims) GetTime(key string) (time.Time, bool)
- func (c Claims) Has(key string) bool
- func (c Claims) IssuedAt() (time.Time, bool)
- func (c Claims) Issuer() (string, bool)
- func (c Claims) JWTID() (string, bool)
- func (c Claims) MarshalJSON() ([]byte, error)
- func (c Claims) NotBefore() (time.Time, bool)
- func (c Claims) RemoveAudience()
- func (c Claims) RemoveExpiration()
- func (c Claims) RemoveIssuedAt()
- func (c Claims) RemoveIssuer()
- func (c Claims) RemoveJWTID()
- func (c Claims) RemoveNotBefore()
- func (c Claims) RemoveSubject()
- func (c Claims) Set(key string, val interface{})
- func (c Claims) SetAudience(audience ...string)
- func (c Claims) SetExpiration(expiration time.Time)
- func (c Claims) SetIssuedAt(issuedAt time.Time)
- func (c Claims) SetIssuer(issuer string)
- func (c Claims) SetJWTID(uniqueID string)
- func (c Claims) SetNotBefore(notBefore time.Time)
- func (c Claims) SetSubject(subject string)
- func (c Claims) SetTime(key string, t time.Time)
- func (c Claims) Subject() (string, bool)
- func (c *Claims) UnmarshalJSON(b []byte) error
- func (c Claims) Validate(now time.Time, expLeeway, nbfLeeway time.Duration) error
- type JWT
- type ValidateFunc
- type Validator
- func (v *Validator) SetAudience(aud string)
- func (v *Validator) SetClaim(claim string, val interface{})
- func (v *Validator) SetExpiration(exp time.Time)
- func (v *Validator) SetIssuedAt(iat time.Time)
- func (v *Validator) SetIssuer(iss string)
- func (v *Validator) SetJWTID(jti string)
- func (v *Validator) SetNotBefore(nbf time.Time)
- func (v *Validator) SetSubject(sub string)
- func (v *Validator) Validate(j JWT) error
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrTokenIsExpired is returned when time.Now().Unix() is after
	// the token's "exp" claim.
	ErrTokenIsExpired = errors.New("token is expired")

	// ErrTokenNotYetValid is returned when time.Now().Unix() is before
	// the token's "nbf" claim.
	ErrTokenNotYetValid = errors.New("token is not yet valid")

	// ErrInvalidISSClaim means the "iss" claim is invalid.
	ErrInvalidISSClaim = errors.New("claim \"iss\" is invalid")

	// ErrInvalidSUBClaim means the "sub" claim is invalid.
	ErrInvalidSUBClaim = errors.New("claim \"sub\" is invalid")

	// ErrInvalidIATClaim means the "iat" claim is invalid.
	ErrInvalidIATClaim = errors.New("claim \"iat\" is invalid")

	// ErrInvalidJTIClaim means the "jti" claim is invalid.
	ErrInvalidJTIClaim = errors.New("claim \"jti\" is invalid")

	// ErrInvalidAUDClaim means the "aud" claim is invalid.
	ErrInvalidAUDClaim = errors.New("claim \"aud\" is invalid")
)
Functions ¶
Types ¶
type Claims ¶
type Claims map[string]interface{}
Claims implements a set of JOSE Claims with the addition of some helper methods, similar to net/url.Values.
func (Claims) Audience ¶
Audience retrieves claim "aud" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.3
func (Claims) Base64 ¶
Base64 implements the jose.Encoder interface.
func (Claims) Del ¶
Del removes the value that corresponds with key from the Claims.
func (Claims) Expiration ¶
Expiration retrieves claim "exp" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.4
func (Claims) Get ¶
Get retrieves the value corresponding with key from the Claims.
func (Claims) GetTime ¶
GetTime returns a UNIX time for the given key.
It converts an int, int32, int64, uint, uint32, uint64 or float64 value into a UNIX time (epoch seconds). float32 does not have sufficient precision to store a UNIX time.
Numeric values parsed from JSON will always be stored as float64 since Claims is a map[string]interface{}. However, internally the values may be stored directly in the claims map as different types.
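The type handling described for GetTime, as an added stand-alone example (not the package's own code): it shows that encoding/json yields float64 for a numeric claim, and why float32 is excluded, since epoch seconds around 1.7e9 round to multiples of 128 in float32. The helpers toUnixTime, decodedType and float32Drift are hypothetical names, and the timestamps are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// toUnixTime is a hypothetical helper for this example. It accepts the numeric
// types the GetTime description lists and rejects everything else.
func toUnixTime(v interface{}) (time.Time, bool) {
	switch n := v.(type) {
	case int:
		return time.Unix(int64(n), 0), true
	case int32:
		return time.Unix(int64(n), 0), true
	case int64:
		return time.Unix(n, 0), true
	case uint:
		return time.Unix(int64(n), 0), true
	case uint32:
		return time.Unix(int64(n), 0), true
	case uint64:
		return time.Unix(int64(n), 0), true
	case float64: // the type encoding/json produces for JSON numbers
		return time.Unix(int64(n), 0), true
	}
	return time.Time{}, false // float32, strings, nil and anything else
}

// decodedType reports the dynamic type a claim has after JSON decoding.
func decodedType(raw, key string) string {
	var m map[string]interface{}
	if err := json.Unmarshal([]byte(raw), &m); err != nil {
		return "error"
	}
	return fmt.Sprintf("%T", m[key])
}

// float32Drift returns how many seconds are lost when sec passes through float32.
func float32Drift(sec int64) int64 { return sec - int64(float32(sec)) }

func main() {
	fmt.Println(decodedType(`{"exp":1700000001}`, "exp")) // constructed claim set
	fmt.Println(float32Drift(1700000001))
	_, ok := toUnixTime(float32(1700000001))
	fmt.Println(ok)
}
```

A drift of up to a minute in "exp" or "nbf" silently widens or narrows the validity window, which is why a float32 value is treated as absent rather than converted.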
func (Claims) Has ¶
Has returns true if a value for the given key exists inside the Claims.
func (Claims) IssuedAt ¶
IssuedAt retrieves claim "iat" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.6
func (Claims) Issuer ¶
Issuer retrieves claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.1
func (Claims) JWTID ¶
JWTID retrieves claim "jti" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.7
func (Claims) MarshalJSON ¶
MarshalJSON implements json.Marshaler for Claims.
func (Claims) NotBefore ¶
NotBefore retrieves claim "nbf" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.5
func (Claims) RemoveAudience ¶
func (c Claims) RemoveAudience()
RemoveAudience deletes claim "aud" from c.
func (Claims) RemoveExpiration ¶
func (c Claims) RemoveExpiration()
RemoveExpiration deletes claim "exp" from c.
func (Claims) RemoveIssuedAt ¶
func (c Claims) RemoveIssuedAt()
RemoveIssuedAt deletes claim "iat" from c.
func (Claims) RemoveIssuer ¶
func (c Claims) RemoveIssuer()
RemoveIssuer deletes claim "iss" from c.
func (Claims) RemoveNotBefore ¶
func (c Claims) RemoveNotBefore()
RemoveNotBefore deletes claim "nbf" from c.
func (Claims) RemoveSubject ¶
func (c Claims) RemoveSubject()
RemoveSubject deletes claim "sub" from c.
func (Claims) Set ¶
Set sets Claims[key] = val. It'll overwrite without warning.
func (Claims) SetAudience ¶
SetAudience sets claim "aud" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.3
func (Claims) SetExpiration ¶
SetExpiration sets claim "exp" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.4
func (Claims) SetIssuedAt ¶
SetIssuedAt sets claim "iat" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.6
func (Claims) SetIssuer ¶
SetIssuer sets claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.1
func (Claims) SetJWTID ¶
SetJWTID sets claim "jti" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.7
func (Claims) SetNotBefore ¶
SetNotBefore sets claim "nbf" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.5
func (Claims) SetSubject ¶
SetSubject sets claim "sub" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.2
func (Claims) SetTime ¶
SetTime stores a UNIX time for the given key.
func (Claims) Subject ¶
Subject retrieves claim "sub" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.2
func (*Claims) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler for Claims.
type JWT ¶
type JWT interface {
	// Claims returns the set of Claims.
	Claims() Claims

	// Validate returns an error describing any issues found while
	// validating the JWT. For info on the fn parameter, see the
	// comment on ValidateFunc.
	Validate(key interface{}, method crypto.SigningMethod, v ...*Validator) error

	// Serialize serializes the JWT into its on-the-wire
	// representation.
	Serialize(key interface{}) ([]byte, error)
}
JWT represents a JWT per RFC 7519. It's described as an interface instead of a physical structure because both JWS and JWEs can be JWTs. So, in order to use either, import one of those two packages and use their "NewJWT" (and other) functions.
type ValidateFunc ¶
ValidateFunc is a function that provides access to the JWT and allows for custom validation. Keep in mind that the Verify methods in the JWS/JWE sibling packages call ValidateFunc *after* validating the JWS/JWE, but *before* any validation per the JWT RFC. Therefore, the ValidateFunc can be used to short-circuit verification, but cannot be used to circumvent the RFC. Custom JWT implementations are free to abuse this, but it is not recommended.
type Validator ¶
type Validator struct {
	Expected Claims        // If non-nil, these are required to match.
	EXP      time.Duration // EXPLeeway
	NBF      time.Duration // NBFLeeway
	Fn       ValidateFunc  // See ValidateFunc for more information.
	// contains filtered or unexported fields
}
Validator represents some of the validation options.
func (*Validator) SetAudience ¶
SetAudience sets the "aud" claim per https://tools.ietf.org/html/rfc7519#section-4.1.3
func (*Validator) SetClaim ¶
SetClaim sets the claim with the given val.
func (*Validator) SetExpiration ¶
SetExpiration sets the "exp" claim per https://tools.ietf.org/html/rfc7519#section-4.1.4
func (*Validator) SetIssuedAt ¶
SetIssuedAt sets the "iat" claim per https://tools.ietf.org/html/rfc7519#section-4.1.6
func (*Validator) SetIssuer ¶
SetIssuer sets the "iss" claim per https://tools.ietf.org/html/rfc7519#section-4.1.1
func (*Validator) SetJWTID ¶
SetJWTID sets the "jti" claim per https://tools.ietf.org/html/rfc7519#section-4.1.7
func (*Validator) SetNotBefore ¶
SetNotBefore sets the "nbf" claim per https://tools.ietf.org/html/rfc7519#section-4.1.5
func (*Validator) SetSubject ¶
SetSubject sets the "sub" claim per https://tools.ietf.org/html/rfc7519#section-4.1.2
func (*Validator) Validate ¶
Validate validates the JWT based on the expected claims in v. Note: it only validates the registered claims per https://tools.ietf.org/html/rfc7519#section-4.1
Custom claims should be validated using v's Fn member.
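The ordering described under ValidateFunc and the EXP/NBF leeway fields of Validator, as an added stand-alone sketch (not the package's own code; signature verification is omitted). The names claims, checkWindow and validate are hypothetical, the clock and claim values are constructed, and the way leeway is applied (extending "exp", bringing "nbf" forward) is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Messages copied from the Variables section; the lower-case names are local.
var (
	errExpired     = errors.New("token is expired")
	errNotYetValid = errors.New("token is not yet valid")
)

// claims stands in for the package's Claims type in this example.
type claims map[string]interface{}

// checkWindow applies "exp" and "nbf" with leeway (assumed semantics):
// the token is accepted while nbf-nbfLeeway <= now <= exp+expLeeway.
func checkWindow(c claims, now time.Time, expLeeway, nbfLeeway time.Duration) error {
	if exp, ok := c["exp"].(float64); ok && now.After(time.Unix(int64(exp), 0).Add(expLeeway)) {
		return errExpired
	}
	if nbf, ok := c["nbf"].(float64); ok && now.Before(time.Unix(int64(nbf), 0).Add(-nbfLeeway)) {
		return errNotYetValid
	}
	return nil
}

// validate runs the custom callback first and the registered-claim checks after,
// so a callback that returns nil cannot skip the exp/nbf checks.
func validate(c claims, now time.Time, expLeeway, nbfLeeway time.Duration, fn func(claims) error) error {
	if fn != nil {
		if err := fn(c); err != nil {
			return err // the callback can only reject early
		}
	}
	return checkWindow(c, now, expLeeway, nbfLeeway)
}

func main() {
	now := time.Unix(1700000100, 0) // constructed clock value
	c := claims{"exp": float64(1700000000), "nbf": float64(1699990000)}
	allowAll := func(claims) error { return nil }
	fmt.Println(validate(c, now, 0, 0, allowAll))             // expired 100s ago
	fmt.Println(validate(c, now, 2*time.Minute, 0, allowAll)) // inside the leeway
}
```

Keep both leeway values as small as the expected clock skew between issuer and verifier: every second of leeway is a second an expired token stays usable.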