README
¶
做中国最好的JWT包
How to use it?
获取包
go get -u gopkg.in/jwt.v1
Example:
//获取一个claims
claims := NewClaims()
//注册一个域名
claims.RegisterAud("example.com", "api.example.com")
/*
"iss": "https://server.example.com",
"sub": "24400320",
"aud": "s6BhdRkqt3",
"nonce": "n-0S6_WzA2Mj",
"exp": 1311281970,
"iat": 1311280970,
"auth_time": 1311280969,
"acr": "urn:mace:incommon:iap:silver"
*/
//上面的数据串可以通过如下方式注册
claims.RegisterIss("https://server.example.com")
claims.RegisterSub("24400320")
claims.RegisterExp(time.Now())
claims.RegisterIat(time.Now())
//获取数据串
claims.IssuedAt()
claims.Subject()
claims.Expiration() // or claims.ExpirationTime()
claims.IssuedAt()
//自定义一个string的acr值
claims.Register("acr","urn:mace:incommon:iap:silver")
claims.Register("nonce","a string value")
//传入一个time类型
claims.RegisterByTime("auth_time",time.Now())
//创建一个header
header := NewHeader() // or NewJWTHeader
header.Register(HEADER_TYPE, "JWT")
//指定压缩方式
header.Register(HEADER_ALGORITHM, "HS256")
//或者
header := DefaultHeader()
//使用claims,header,key 来创建token
token := NewToken(claims, header, "abcdef")
//使用序列化token用于传输
serializedToken, _ := token.Serialize()
//当接受到一串序列化token时:
//通过key和序列化token,反序列化得到token
newToken, _ := ParseToken(serializedToken, "abcdef")
//获取claims
newToken.Claims()
//获取header
newToken.Header()
//验证claims
claims.Validate(newToken)
Documentation
¶
Index ¶
- Constants
- Variables
- func Base64Decode(b string) ([]byte, error)
- func Base64Encode(b []byte) string
- func DecodeEscaped(b []byte) ([]byte, error)
- func EncodeEscape(b []byte) []byte
- func ParseBase64(serialized string, v interface{}) error
- type ClaimNames
- type Claims
- func (c *Claims) Audience() ([]string, bool)
- func (c *Claims) Base64() string
- func (c *Claims) Expiration() (time.Time, bool)
- func (c *Claims) ExpirationTime() (time.Time, bool)
- func (c *Claims) Find(names ClaimNames) (v interface{}, b bool)
- func (c *Claims) FindToString(names ClaimNames) (string, bool)
- func (c *Claims) FindToTime(names ClaimNames) (time.Time, bool)
- func (c *Claims) Has(names ClaimNames) bool
- func (c *Claims) IssuedAt() (time.Time, bool)
- func (c *Claims) Issuer() (string, bool)
- func (c *Claims) JWTID() (string, bool)
- func (c *Claims) NotBefore() (time.Time, bool)
- func (c *Claims) Register(names ClaimNames, v interface{})
- func (c *Claims) RegisterAud(v ...string)
- func (c *Claims) RegisterByTime(names ClaimNames, time time.Time)
- func (c *Claims) RegisterExp(t time.Time)
- func (c *Claims) RegisterIat(t time.Time)
- func (c *Claims) RegisterIss(v string)
- func (c *Claims) RegisterJti(v string)
- func (c *Claims) RegisterNbf(t time.Time)
- func (c *Claims) RegisterSub(v string)
- func (c *Claims) Remove(names ClaimNames)
- func (c *Claims) Subject() (string, bool)
- func (c *Claims) Validate(jwt JWT) error
- func (c *Claims) ValidateAudience(jwt JWT) error
- func (c *Claims) ValidateExpiration(jwt JWT) error
- func (c *Claims) ValidateIssuedAt(jwt JWT) error
- func (c *Claims) ValidateIssuer(jwt JWT) error
- func (c *Claims) ValidateJWTID(jwt JWT) error
- func (c *Claims) ValidateNotBefore(jwt JWT) error
- func (c *Claims) ValidateSubject(jwt JWT) error
- type Header
- type HeaderTypes
- type JWT
- type KeyByte
- type Token
- type TokenString
Constants ¶
View Source
const ( TOKEN_HEADER = iota TOKEN_CLAIMS TOKEN_SIGN TOKEN_MAX )
View Source
const ClaimMax = 7
View Source
const HeaderMax = 11
Variables ¶
View Source
var ( // ErrorTokenIsExpired is return when time.Now().Unix() is after // the token's "exp" claim. ErrorTokenIsExpired = errors.New("token is expired") // ErrorTokenNotYetValid is return when time.Now().Unix() is before // the token's "nbf" claim. ErrorTokenNotYetValid = errors.New("token is not yet valid") // ErrorInvalidISSClaim means the "iss" claim is invalid. ErrorInvalidISSClaim = errors.New("claim \"iss\" is invalid") // ErrorInvalidSUBClaim means the "sub" claim is invalid. ErrorInvalidSUBClaim = errors.New("claim \"sub\" is invalid") // ErrorInvalidIATClaim means the "iat" claim is invalid. ErrorInvalidIATClaim = errors.New("claim \"iat\" is invalid") // ErrorInvalidJTIClaim means the "jti" claim is invalid. ErrorInvalidJTIClaim = errors.New("claim \"jti\" is invalid") // ErrorInvalidAUDClaim means the "aud" claim is invalid. ErrorInvalidAUDClaim = errors.New("claim \"aud\" is invalid") )
View Source
var (
CaimsErrorTimeFunc = errors.New("time must set by RegisterByTime")
)
Functions ¶
func Base64Decode ¶
from https://github.com/SermoDigital/jose/blob/master/base64.go Base64Decode
func DecodeEscaped ¶
func EncodeEscape ¶
func ParseBase64 ¶
Types ¶
type ClaimNames ¶
type ClaimNames string
const ( CLAIM_ISSUER ClaimNames = "iss" CLAIM_SUBJECT ClaimNames = "sub" CLAIM_AUDIENCE ClaimNames = "aud" CLAIM_EXPIRATION_TIME ClaimNames = "exp" CLAIM_NOT_BEFORE ClaimNames = "nbf" CLAIM_ISSUED_AT ClaimNames = "iat" CLAIM_JWT_ID ClaimNames = "jti" )
type Claims ¶
type Claims map[ClaimNames]interface{}
func ParseClaims ¶
func (*Claims) Audience ¶
*
- Returns the JWT <a href="https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25#section-4.1.3">
- <code>aud</code></a> (audience) value or {nil} if not present. *
- @return the JWT {[]string,true} value or {nil,false} if not present.
func (*Claims) Expiration ¶
*
- Returns the JWT <a href="https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25#section-4.1.4">
- <code>exp</code></a> (expiration) timestamp or {Time{}} if not present. *
- <p>A JWT obtained after this timestamp should not be used.</p> *
- @return the JWT {exp,true} value or {Time{},false} if not present.
func (*Claims) ExpirationTime ¶
Expiration's alias
func (*Claims) Find ¶
func (c *Claims) Find(names ClaimNames) (v interface{}, b bool)
func (*Claims) FindToString ¶ added in v1.0.2
func (c *Claims) FindToString(names ClaimNames) (string, bool)
func (*Claims) FindToTime ¶
func (c *Claims) FindToTime(names ClaimNames) (time.Time, bool)
func (*Claims) Has ¶
func (c *Claims) Has(names ClaimNames) bool
func (*Claims) IssuedAt ¶
*
- Returns the JWT <a href="https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25#section-4.1.6">
- <code>iat</code></a> (issued at) timestamp or {Time{}} if not present. *
- <p>If present, this value is the timestamp when the JWT was created.</p> *
- @return the JWT {nbf,true} value or {Time,false} if not present.
func (*Claims) Issuer ¶
*
- Returns the JWT <a href="https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25#section-4.1.1">
- <code>iss</code></a> (issuer) value or {""} if not present. *
- @return the JWT {iss,true} value or {"",false} if not present.
func (*Claims) JWTID ¶ added in v1.0.2
*
- Returns the JWTs <a href="https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25#section-4.1.7">
- <code>jti</code></a> (JWT ID) value or {""} if not present. *
- <p>This value is a CaSe-SenSiTiVe unique identifier for the JWT. If available, this value is expected to be
- assigned in a manner that ensures that there is a negligible probability that the same value will be
- accidentally
- assigned to a different data object. The ID can be used to prevent the JWT from being replayed.</p> *
- @return the JWT {jti,true} value or {"",false} if not present.
func (*Claims) NotBefore ¶
*
- Returns the JWT <a href="https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25#section-4.1.5">
- <code>nbf</code></a> (not before) timestamp or {Time{}} if not present.
- <p>A JWT obtained before this timestamp should not be used.</p> *
- @return the JWT {nbf,true} value or {Time{},false} if not present.
func (*Claims) Register ¶
func (c *Claims) Register(names ClaimNames, v interface{})
func (*Claims) RegisterAud ¶
func (*Claims) RegisterByTime ¶
func (c *Claims) RegisterByTime(names ClaimNames, time time.Time)
func (*Claims) RegisterExp ¶
func (*Claims) RegisterIat ¶
func (*Claims) RegisterIss ¶
func (*Claims) RegisterJti ¶
func (*Claims) RegisterNbf ¶
func (*Claims) RegisterSub ¶
func (*Claims) Remove ¶
func (c *Claims) Remove(names ClaimNames)
func (*Claims) Subject ¶
*
- Returns the JWT <a href="https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25#section-4.1.2">
- <code>sub</code></a> (subject) value or {""} if not present. *
- @return the JWT {sub,true} value or {"",false} if not present.
func (*Claims) ValidateAudience ¶ added in v1.0.2
func (*Claims) ValidateExpiration ¶ added in v1.0.2
func (*Claims) ValidateIssuedAt ¶ added in v1.0.2
func (*Claims) ValidateIssuer ¶ added in v1.0.2
func (*Claims) ValidateJWTID ¶ added in v1.0.2
func (*Claims) ValidateNotBefore ¶ added in v1.0.2
func (*Claims) ValidateSubject ¶ added in v1.0.2
type Header ¶
type Header map[HeaderTypes]interface{}
func DefaultHeader ¶ added in v1.0.2
func DefaultHeader() *Header
func NewJWTHeader ¶
func NewJWTHeader() *Header
func ParseHeader ¶
func (*Header) Alg ¶
func (h *Header) Alg() crypto.SigningNames
func (*Header) Find ¶
func (h *Header) Find(types HeaderTypes) (interface{}, bool)
func (*Header) Has ¶
func (h *Header) Has(types HeaderTypes) bool
func (*Header) Register ¶
func (h *Header) Register(types HeaderTypes, v interface{})
func (*Header) Remove ¶
func (h *Header) Remove(types HeaderTypes)
type HeaderTypes ¶
type HeaderTypes string
const ( HEADER_ALGORITHM HeaderTypes = "alg" HEADER_JWK_SET_URL HeaderTypes = "jku" HEADER_JSON_WEB_KEY HeaderTypes = "jwk" HEADER_KEY_ID HeaderTypes = "kid" HEADER_X509_URL HeaderTypes = "x5u" HEADER_X509_CERTIFICATE_CHAIN HeaderTypes = "x5c" HEADER_X509_CERTIFICATE_SHA1_THUMBPRINT HeaderTypes = "x5t" HEADER_X509_CERTIFICATE_SHA256_THUMBPRINT HeaderTypes = "x5t#S256" HEADER_TYPE HeaderTypes = "typ" HEADER_CONTENT_TYPE HeaderTypes = "cty" HEADER_CRITICAL HeaderTypes = "crit" )
type Token ¶
type Token interface {
Verify() error
Claims() *Claims
Header() *Header
Serialize() (string, error)
SetKey(key interface{})
}
func ParseToken ¶
type TokenString ¶
type TokenString []string
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.