Version: v0.3.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jun 22, 2021 License: Apache-2.0 Imports: 6 Imported by: 0



Package opinionated provides authentication token signing and verification with reasonable defaults for common use cases.



This section is empty.


View Source
var (
	ErrInvalidTypeParameter = errors.New("the 'typ' parameter in the JOSE Header has an invalid value")
	ErrMissingTypeParameter = errors.New("the required 'typ' parameter is missing in the JOSE Header")
	ErrRequiredClaimMissing = errors.New("a required JWT claim is missing")
	ErrSecretKeyTooShort    = errors.New("secret key must be at least 32 bytes long (and should be generated from a cryptographically secure random generator)")
	ErrTokenExpired         = errors.New("encountered an expired token")
	ErrTokenNotYetValid     = errors.New("encountered a token that is not yet valid (NotBefore claim)")


func NewTokenAuthority

func NewTokenAuthority(secretKey []byte) (KISStokens.TokenAuthority, error)

NewTokenAuthority creates a TokenAuthority that provides reasonable defaults for the use case of signing and verifying authentication tokens with a shared secret key.

The returned TokenAuthority - uses HMAC-SHA256 for signing and verifying tokens, requiring a secret key of sufficient size, - requires the "Issued At" and "Expiration Time" claims to be always set and - verifies the "Issued At", "Expiration Time" and "Not Before" claims. - required the "typ" JOSE Header Parameter to be present and to equal "JWT"

It is required that secretKey is at least 32 bytes long. Make sure the key is generated from a cryptographically secure random generator.


This section is empty.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL