jwt

package
v1.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 28, 2019 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrJWTError = goa.NewErrorClass("jwt_security_error", 401)

ErrJWTError is the error returned by this middleware when any sort of validation or assertion fails during processing.

Functions

func ContextJWT

func ContextJWT(ctx context.Context) *jwt.Token

ContextJWT retrieves the JWT token from a `context` that went through our security middleware.

func New

func New(validationKeys interface{}, validationFunc goa.Middleware, scheme *goa.JWTSecurity) goa.Middleware

New returns a middleware to be used with the JWTSecurity DSL definitions of goa. It supports the scopes claim in the JWT and ensures goa-defined Security DSLs are properly validated.

The steps taken by the middleware are:

  1. Extract the "Bearer" token from the Authorization header or query parameter
  2. Validate the "Bearer" token against the key(s) given to New
  3. If scopes are defined in the design for the action, validate them against the scopes presented by the JWT in the claim "scope", or if that's not defined, "scopes".

The `exp` (expiration) and `nbf` (not before) date checks are validated by the JWT library.

validationKeys can be one of these:

  • a string (for HMAC)
  • a []byte (for HMAC)
  • an rsa.PublicKey
  • an ecdsa.PublicKey
  • a slice of any of the above

The type of the keys determine the algorithm that will be used to do the check. The goal of having lists of keys is to allow for key rotation, still check the previous keys until rotation has been completed.

You can define an optional function to do additional validations on the token once the signature and the claims requirements are proven to be valid. Example:

validationHandler, _ := goa.NewMiddleware(func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
    token := jwt.ContextJWT(ctx)
    if val, ok := token.Claims["is_uncle"].(string); !ok || val != "ben" {
        return jwt.ErrJWTError("you are not uncle ben's")
    }
})

Mount the middleware with the generated UseXX function where XX is the name of the scheme as defined in the design, e.g.:

app.UseJWT(jwt.New("secret", validationHandler, app.NewJWTSecurity()))

func WithJWT

func WithJWT(ctx context.Context, t *jwt.Token) context.Context

WithJWT creates a child context containing the given JWT.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL