jarm

package
v0.2.22 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 9, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncodeParameters 

func EncodeParameters(token, _ string, tErr error) (parameters url.Values, err error)

EncodeParameters takes the result from jarm.Generate and turns it into parameters in the form of url.Values.

func Generate 

func Generate(ctx context.Context, config Configurator, client Client, session any, parameters url.Values) (token, signature string, err error)

Generate generates the token and signature for a JARM response.

Types

type Client 

type Client interface {
	// GetID returns the client ID.
	GetID() (id string)

	// IsPublic returns true if the client has the public client type.
	IsPublic() (public bool)

	// GetAuthorizationSignedResponseKeyID returns the specific key identifier used to satisfy JWS requirements of the
	// JWT-secured Authorization Response Method (JARM) specifications. If unspecified the other available parameters
	// will be utilized to select an appropriate key.
	GetAuthorizationSignedResponseKeyID() (kid string)

	// GetAuthorizationSignedResponseAlg is equivalent to the 'authorization_signed_response_alg' client metadata
	// value which determines the JWS [RFC7515] alg algorithm JWA [RFC7518] REQUIRED for signing authorization
	// responses. If this is specified, the response will be signed using JWS and the configured algorithm. The
	// algorithm none is not allowed. The default, if omitted, is RS256.
	GetAuthorizationSignedResponseAlg() (alg string)

	// GetAuthorizationEncryptedResponseKeyID returns the specific key identifier used to satisfy JWE requirements of
	// the JWT-secured Authorization Response Method (JARM) specifications. If unspecified the other available parameters will be
	// utilized to select an appropriate key.
	GetAuthorizationEncryptedResponseKeyID() (kid string)

	// GetAuthorizationEncryptedResponseAlg is equivalent to the 'authorization_encrypted_response_alg' client metadata
	// value which determines the JWE [RFC7516] alg algorithm JWA [RFC7518] REQUIRED for encrypting authorization
	// responses. If both signing and encryption are requested, the response will be signed then encrypted, with the
	// result being a Nested JWT, as defined in JWT [RFC7519]. The default, if omitted, is that no encryption is
	// performed.
	GetAuthorizationEncryptedResponseAlg() (alg string)

	// GetAuthorizationEncryptedResponseEnc is equivalent to the 'authorization_encrypted_response_enc' client
	// metadata value which determines the JWE [RFC7516] enc algorithm JWA [RFC7518] REQUIRED for encrypting
	// authorization responses. If authorization_encrypted_response_alg is specified, the default for this value is
	// A128CBC-HS256. When authorization_encrypted_response_enc is included, authorization_encrypted_response_alg MUST
	// also be provided.
	GetAuthorizationEncryptedResponseEnc() (alg string)
}

type Configurator 

type Configurator interface {
	GetJWTSecuredAuthorizeResponseModeIssuer(ctx context.Context) string
	GetJWTSecuredAuthorizeResponseModeStrategy(ctx context.Context) jwt.Strategy
	GetJWTSecuredAuthorizeResponseModeLifespan(ctx context.Context) time.Duration
}

type JWTSessionContainer 

type JWTSessionContainer interface {
	GetJWTHeader() *jwt.Headers
	GetJWTClaims() jwt.JWTClaimsContainer
}

type OpenIDSession 

type OpenIDSession interface {
	IDTokenHeaders() *jwt.Headers
	IDTokenClaims() *jwt.IDTokenClaims
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.