jwt

package module
v0.0.0-...-86d6291 Latest
This package is not in the latest version of its module.
Published: May 22, 2017 License: Apache-2.0 Imports: 13 Imported by: 0

README

go-jwt

Golang JSON Web Token builder with an easy-to-use API for JWS and nested JWT (JWS+JWE).

It wraps and is inspired by gopkg.in/square/go-jose.v2 (especially its jwt subpackage).

NOTE: Please make sure you get a fixed version of go-jose.v2. See https://github.com/square/go-jose/issues/142

Usage:

package main

import (
    "fmt"
    "github.com/Bplotka/go-jwt"
)

func main() {
    p := "some_payload"
    cl := jwt.Claims{
        // Your standard claims here...
    }
    
    b, err := jwt.NewDefaultBuilder() // or jwt.NewBuilder(rsaPrvKey, signAlg, keyAlg, contentAlg)
    if err != nil {
        // Handle error here...
    }
    
    token, err := b.SignedAndEncryptedJWT().
        Claims(cl).
        Payload(p).
        CompactSerialize()
    if err != nil {
        // Handle error here...
    }
    
    // Generated valid nested JWT in `token` variable!
    // (....)
    // Let's revert the process:
     
    obtainer := b.FromSignedAndEncryptedJWT(token)
    
    var fetched string
    err = obtainer.Payload(&fetched)
    if err != nil {
        // Handle error here..
    }
    
    // We have "some_payload" again in `fetched` variable.
    
    fetchedStdClaims, err := obtainer.StdClaims()
    if err != nil {
        // Handle error here..
    }
    
    // We have our standard claims again in `fetchedStdClaims` variable.
    fmt.Println(fetchedStdClaims.Issuer)
    fmt.Println(fetchedStdClaims.Subject)
    // ...
}

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Builder

type Builder struct {
	*SignedObtainer
	// contains filtered or unexported fields
}

Builder is able to construct a nested JWT or a JWS with a custom payload claim or other claims. (A nested JSON Web Token is a token that is signed and then encrypted.) Each instance is assigned a separate private RSA key, which is used to construct and obtain all tokens. All JWTs generated by the builder will have headers in the form of:

cty: JWT
typ: JWT
alg: algorithm used for signing or key management.
enc: algorithm used for encryption if encryption was used.
kid: hash of key used.
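
An added example, not part of the go-jwt package: a stand-alone pre-check that decodes the header of a compact token and compares alg, enc and kid with what the receiver expects before the token is handed to the library. The algorithm names, the kid value and the sample tokens are constructed, and the names CheckHeader and SampleToken are hypothetical.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Header holds the header fields the Builder documentation lists (cty, typ, alg, enc, kid).
type Header struct{ Cty, Typ, Alg, Enc, Kid string }

// CheckHeader decodes the first segment of a compact token and compares alg, enc and
// kid with the receiver's policy in want. Pre-filter only: no signature is verified.
func CheckHeader(token string, want Header) (h Header, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 && len(parts) != 5 { // compact JWS = 3 segments, JWE = 5
		return h, fmt.Errorf("not a compact JWS or JWE")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err == nil {
		err = json.Unmarshal(raw, &h)
	}
	if err != nil {
		return h, fmt.Errorf("bad header: %w", err)
	}
	switch isJWE := len(parts) == 5; {
	case h.Alg == "" || h.Alg != want.Alg: // also rejects "none" and a missing alg
		return h, fmt.Errorf("unexpected alg %q", h.Alg)
	case isJWE && h.Enc != want.Enc:
		return h, fmt.Errorf("unexpected enc %q", h.Enc)
	case !isJWE && h.Enc != "":
		return h, fmt.Errorf("enc set on a signed-only token")
	case h.Kid != want.Kid:
		return h, fmt.Errorf("unexpected kid %q", h.Kid)
	}
	return h, nil
}

// SampleToken builds a constructed token: a real header, placeholder "x" segments after it.
func SampleToken(headerJSON string, segments int) string {
	h := base64.RawURLEncoding.EncodeToString([]byte(headerJSON))
	return h + strings.Repeat(".x", segments-1)
}

func main() {
	want := Header{Alg: "RSA-OAEP", Enc: "A128GCM", Kid: "kid-constructed"} // constructed policy
	fmt.Println(CheckHeader(SampleToken(`{"alg":"none","kid":"kid-constructed"}`, 3), want))
}
```

Passing this check says nothing about authenticity; signature verification and decryption still happen in the ObtainerWrapper.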

func NewBuilder

func NewBuilder(
	prvKey *rsa.PrivateKey,
	signatureAlgorithm jose.SignatureAlgorithm,
	keyAlgorithm jose.KeyAlgorithm,
	contentAlgorithm jose.ContentEncryption,
) (*Builder, error)

NewBuilder constructs a new Builder that is able to construct and read all types of JSON Web Tokens.

func NewDefaultBuilder

func NewDefaultBuilder() (*Builder, error)

NewDefaultBuilder constructs a new Builder that is able to construct and read all types of JSON Web Tokens. It uses the default signature, key and content algorithms. The private key is auto-generated.

func (*Builder) FromJWE

func (j *Builder) FromJWE(token string) *ObtainerWrapper

FromJWE decrypts an encrypted JSON Web Token. The returned ObtainerWrapper can be used to fetch claims. Decryption is done by the ObtainerWrapper.

func (*Builder) FromSignedAndEncryptedJWT

func (j *Builder) FromSignedAndEncryptedJWT(token string) *ObtainerWrapper

FromSignedAndEncryptedJWT parses the given token as a nested JSON Web Token and decrypts it. The returned ObtainerWrapper can be used to fetch claims. Signature verification is done by the ObtainerWrapper.

func (*Builder) JWE

func (j *Builder) JWE() *BuilderWrapper

JWE constructs JSON Web Token that is only encrypted.

func (*Builder) JWS

func (j *Builder) JWS() *BuilderWrapper

JWS constructs JSON Web Token that is only signed.

func (*Builder) SignedAndEncryptedJWT

func (j *Builder) SignedAndEncryptedJWT() *BuilderWrapper

SignedAndEncryptedJWT constructs a nested JSON Web Token that is signed and then encrypted.

type BuilderWrapper

type BuilderWrapper struct {
	// contains filtered or unexported fields
}

BuilderWrapper wraps the specified engine and enables packing and serializing claims into a single token.

func (*BuilderWrapper) Claims

func (b *BuilderWrapper) Claims(claims interface{}) *BuilderWrapper

Claims encodes claims into JWE/JWS form. Multiple calls will merge claims into single JSON object.

func (*BuilderWrapper) CompactSerialize

func (b *BuilderWrapper) CompactSerialize() (string, error)

CompactSerialize serializes constructed token into compact form.

func (*BuilderWrapper) Payload

func (b *BuilderWrapper) Payload(payload interface{}) *BuilderWrapper

Payload encodes payload into JWE/JWS form in a `payload` field. Multiple calls will override payload.

type Claims

type Claims struct {
	Issuer    string      `json:"iss,omitempty"`
	Subject   string      `json:"sub,omitempty"`
	Audience  []string    `json:"aud,omitempty"`
	Expiry    NumericDate `json:"exp,omitempty"`
	NotBefore NumericDate `json:"nbf,omitempty"`
	IssuedAt  NumericDate `json:"iat,omitempty"`
	ID        string      `json:"jti,omitempty"`
	// contains filtered or unexported fields
}

Claims specify registered claim names specified in https://tools.ietf.org/html/rfc7519#section-4.1.

func (Claims) Validate

func (c Claims) Validate(e Claims) error

Validate checks claims in a token against expected values.

func (Claims) ValidateExpiryWithLeeway

func (c Claims) ValidateExpiryWithLeeway(leeway time.Duration) error

ValidateExpiryWithLeeway checks time based claims. A custom leeway may be specified for comparing time values. You may pass a zero value to check time values with no leeway, but you should note that numeric date values are rounded to the nearest second and sub-second precision is not supported.
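
An added example, not the package's implementation: a stand-alone model of a leeway check on exp and nbf, showing the effect of whole-second dates and of a token that carries no exp. CheckTimes, the error names and the sample timestamps are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// NumericDate is whole seconds since the Unix epoch, like the page's type.
type NumericDate int64

var (
	ErrExpired     = errors.New("token is expired (exp)")
	ErrNotValidYet = errors.New("token not valid yet (nbf)")
	ErrNoExpiry    = errors.New("token carries no exp claim")
)

// CheckTimes models a leeway comparison for exp and nbf against a caller-supplied
// clock. Assumption: a zero date means the claim was absent from the token.
func CheckTimes(exp, nbf NumericDate, now time.Time, leeway time.Duration) error {
	if exp == 0 {
		return ErrNoExpiry // policy choice: never accept a token that cannot expire
	}
	// Leeway widens the window in both directions to absorb clock skew.
	if nbf != 0 && now.Add(leeway).Before(time.Unix(int64(nbf), 0)) {
		return ErrNotValidYet
	}
	if now.Add(-leeway).After(time.Unix(int64(exp), 0)) {
		return ErrExpired
	}
	return nil
}

func main() {
	exp := NumericDate(1700000000)            // constructed sample value
	now := time.Unix(1700000000, 500_000_000) // half a second past exp
	// With zero leeway the token is already expired: exp has no sub-second part.
	fmt.Println(CheckTimes(exp, 0, now, 0))
	// One minute of leeway accepts the same token.
	fmt.Println(CheckTimes(exp, 0, now, time.Minute))
}
```

Keep the leeway as small as the clock skew between issuer and verifier allows, since it extends the lifetime of every token by that amount.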

type NumericDate

type NumericDate int64

NumericDate represents date and time as the number of seconds since the epoch, including leap seconds. Non-integer values can be represented in the serialized format, but we round to the nearest second.

func NewNumericDate

func NewNumericDate(t time.Time) NumericDate

NewNumericDate constructs NumericDate from time.Time value.

func (NumericDate) MarshalJSON

func (n NumericDate) MarshalJSON() ([]byte, error)

MarshalJSON serializes the given NumericDate into its JSON representation.

func (NumericDate) Time

func (n NumericDate) Time() time.Time

Time returns time.Time representation of NumericDate.

func (*NumericDate) UnmarshalJSON

func (n *NumericDate) UnmarshalJSON(b []byte) error

UnmarshalJSON reads a date from its JSON representation.

type ObtainerWrapper

type ObtainerWrapper struct {
	// contains filtered or unexported fields
}

ObtainerWrapper wraps token and enables deserialization from token.

func (*ObtainerWrapper) Claims

func (o *ObtainerWrapper) Claims(out interface{}) error

Claims decodes claims from JWE/JWS form. Multiple calls are allowed.

func (*ObtainerWrapper) Payload

func (o *ObtainerWrapper) Payload(out interface{}) error

Payload decodes payload from JWE/JWS form. Multiple calls are allowed.

func (*ObtainerWrapper) StdClaims

func (o *ObtainerWrapper) StdClaims() (Claims, error)

StdClaims decodes standard registered claims from JWE/JWS form. Multiple calls are allowed.

type SignedObtainer

type SignedObtainer struct {
	// contains filtered or unexported fields
}

SignedObtainer is a struct that is only able to parse JSON Web Tokens that are not encrypted.

func NewSignedObtainer

func NewSignedObtainer(publicKey *jose.JSONWebKey) *SignedObtainer

NewSignedObtainer constructs SignedObtainer.

func (*SignedObtainer) FromJWS

func (j *SignedObtainer) FromJWS(token string) *ObtainerWrapper

FromJWS parses given JWS. Returned ObtainerWrapper can be used to fetch claims. Signature verification is done by ObtainerWrapper.

func (*SignedObtainer) PublicJWK

func (j *SignedObtainer) PublicJWK() jose.JSONWebKey

PublicJWK gets Public RSA key wrapped in JSON Web Key used by this Obtainer.

func (*SignedObtainer) PublicRSAKey

func (j *SignedObtainer) PublicRSAKey() rsa.PublicKey

PublicRSAKey gets Public RSA key used by this Obtainer.

func (*SignedObtainer) VerifyStdClaims

func (j *SignedObtainer) VerifyStdClaims(claims Claims, expected Claims) error

VerifyStdClaims verifies standard "iss", "sub", "aud", "exp" claims from JWT RFC (https://tools.ietf.org/html/rfc7519).
