jwtclaims

package

v0.0.0-...-93fed14 Latest Latest Go to latest Published: Jan 5, 2024 License: BSD-3-Clause Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/FlintyLemming/netbird

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type AuthorizationClaims
type ClaimsExtractor
- func NewClaimsExtractor(options ...ClaimsExtractorOption) *ClaimsExtractor
- func (c *ClaimsExtractor) FromToken(token *jwt.Token) AuthorizationClaims
type ClaimsExtractorOption
type ExtractClaims
type JSONWebKey
type JWTValidator
- func NewJWTValidator(issuer string, audienceList []string, keysLocation string, ...) (*JWTValidator, error)
- func (m *JWTValidator) ValidateAndParse(token string) (*jwt.Token, error)
type Jwks
type Options

Constants ¶

View Source

const (
	// TokenUserProperty key for the user property in the request context
	TokenUserProperty = "user"
	// AccountIDSuffix suffix for the account id claim
	AccountIDSuffix = "wt_account_id"
	// DomainIDSuffix suffix for the domain id claim
	DomainIDSuffix = "wt_account_domain"
	// DomainCategorySuffix suffix for the domain category claim
	DomainCategorySuffix = "wt_account_domain_category"
	// UserIDClaim claim for the user id
	UserIDClaim = "sub"
	// LastLoginSuffix claim for the last login
	LastLoginSuffix = "nb_last_login"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthorizationClaims ¶

type AuthorizationClaims struct {
	UserId         string
	AccountId      string
	Domain         string
	DomainCategory string
	LastLogin      time.Time

	Raw jwt.MapClaims
}

AuthorizationClaims stores authorization information from JWTs

type ClaimsExtractor ¶

type ClaimsExtractor struct {
	FromRequestContext ExtractClaims
	// contains filtered or unexported fields
}

ClaimsExtractor struct that holds the extract function

func NewClaimsExtractor ¶

func NewClaimsExtractor(options ...ClaimsExtractorOption) *ClaimsExtractor

NewClaimsExtractor returns an extractor, and if provided with a function with ExtractClaims signature, then it will use that logic. Uses ExtractClaimsFromRequestContext by default

func (*ClaimsExtractor) FromToken ¶

func (c *ClaimsExtractor) FromToken(token *jwt.Token) AuthorizationClaims

FromToken extracts claims from the token (after auth)

type ClaimsExtractorOption ¶

type ClaimsExtractorOption func(*ClaimsExtractor)

ClaimsExtractorOption is a function that configures the ClaimsExtractor

func WithAudience ¶

func WithAudience(audience string) ClaimsExtractorOption

WithAudience sets the audience for the extractor

func WithFromRequestContext ¶

func WithFromRequestContext(ec ExtractClaims) ClaimsExtractorOption

WithFromRequestContext sets the function that extracts claims from the request context

func WithUserIDClaim ¶

func WithUserIDClaim(userIDClaim string) ClaimsExtractorOption

WithUserIDClaim sets the user id claim for the extractor

type ExtractClaims ¶

type ExtractClaims func(r *http.Request) AuthorizationClaims

ExtractClaims Extract function type

type JSONWebKey ¶

type JSONWebKey struct {
	Kty string   `json:"kty"`
	Kid string   `json:"kid"`
	Use string   `json:"use"`
	N   string   `json:"n"`
	E   string   `json:"e"`
	X5c []string `json:"x5c"`
}

JSONWebKey is a representation of a Jason Web Key

type JWTValidator ¶

type JWTValidator struct {
	// contains filtered or unexported fields
}

JWTValidator struct to handle token validation and parsing

func NewJWTValidator ¶

func NewJWTValidator(issuer string, audienceList []string, keysLocation string, idpSignkeyRefreshEnabled bool) (*JWTValidator, error)

NewJWTValidator constructor

func (*JWTValidator) ValidateAndParse ¶

func (m *JWTValidator) ValidateAndParse(token string) (*jwt.Token, error)

ValidateAndParse validates the token and returns the parsed token

type Jwks ¶

type Jwks struct {
	Keys []JSONWebKey `json:"keys"`
	// contains filtered or unexported fields
}

Jwks is a collection of JSONWebKey obtained from Config.HttpServerConfig.AuthKeysLocation

type Options ¶

type Options struct {
	// The function that will return the Key to validate the JWT.
	// It can be either a shared secret or a public key.
	// Default value: nil
	ValidationKeyGetter jwt.Keyfunc
	// The name of the property in the request where the user information
	// from the JWT will be stored.
	// Default value: "user"
	UserProperty string
	// The function that will be called when there's an error validating the token
	// Default value:
	CredentialsOptional bool
	// A function that extracts the token from the request
	// Default: FromAuthHeader (i.e., from Authorization header as bearer token)
	Debug bool
	// When set, all requests with the OPTIONS method will use authentication
	// Default: false
	EnableAuthOnOptions bool
	// When set, the middelware verifies that tokens are signed with the specific signing algorithm
	// If the signing method is not constant the ValidationKeyGetter callback can be used to implement additional checks
	// Important to avoid security issues described here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
	// Default: nil
	SigningMethod jwt.SigningMethod
}

Options is a struct for specifying configuration options for the middleware.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL