Documentation
¶
Overview ¶
Package opinionated provides authentication token signing and verification with reasonable defaults for common use cases.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidTypeParameter = errors.New("the 'typ' parameter in the JOSE Header has an invalid value") ErrMissingTypeParameter = errors.New("the required 'typ' parameter is missing in the JOSE Header") ErrRequiredClaimMissing = errors.New("a required JWT claim is missing") ErrSecretKeyTooShort = errors.New("secret key must be at least 32 bytes long (and should be generated from a cryptographically secure random generator)") ErrTokenExpired = errors.New("encountered an expired token") ErrTokenNotYetValid = errors.New("encountered a token that is not yet valid (NotBefore claim)") )
Functions ¶
func NewTokenAuthority ¶
func NewTokenAuthority(secretKey []byte) (KISStokens.TokenAuthority, error)
NewTokenAuthority creates a TokenAuthority that provides reasonable defaults for the use case of signing and verifying authentication tokens with a shared secret key.
The returned TokenAuthority - uses HMAC-SHA256 for signing and verifying tokens, requiring a secret key of sufficient size, - requires the "Issued At" and "Expiration Time" claims to be always set and - verifies the "Issued At", "Expiration Time" and "Not Before" claims. - required the "typ" JOSE Header Parameter to be present and to equal "JWT"
It is required that secretKey is at least 32 bytes long. Make sure the key is generated from a cryptographically secure random generator.
Types ¶
This section is empty.
Source Files