Version: v1.3.6

This package is not in the latest version of its module.

Published: Aug 25, 2020 License: Apache-2.0 Imports: 15 Imported by: 2




var ErrBadCreds = errors.New("bad credentials")

ErrBadCreds will always be wrapped when a user's credentials are unexpected. This lets callers distinguish a client error from a server error.

var TimeNow = func() time.Time { return time.Now() }

TimeNow is used internally to determine the current time. It has been abstracted to this global function as a mechanism to help with testing.


func GetAuthorizationToken added in v1.3.0

func GetAuthorizationToken(r *http.Request) (string, error)

GetAuthorizationToken will pull the Authorization header from the given request and attempt to retrieve the token within it.


type ClaimSetter

type ClaimSetter interface {
	BaseClaims() *jws.ClaimSet
}

ClaimSetter is an interface for all incoming claims to implement. This ensures the basic format used by the `jws` package.

type ClaimsDecoderFunc

type ClaimsDecoderFunc func(context.Context, []byte) (ClaimSetter, error)

ClaimsDecoderFunc will expect to convert a JSON payload into the appropriate claims type.

type JSONKey

type JSONKey struct {
	Kty string `json:"kty"`
	Alg string `json:"alg"`
	Use string `json:"use"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

JSONKey represents a public or private key in JWK format.

type JSONKeyResponse

type JSONKeyResponse struct {
	Keys []*JSONKey `json:"keys"`
}

JSONKeyResponse represents a JWK Set object.

type PublicKeySet

type PublicKeySet struct {
	Expiry time.Time
	Keys   map[string]*rsa.PublicKey
}

PublicKeySet contains a set of keys acquired from a JWKS that has an expiration.

func NewPublicKeySetFromJSON

func NewPublicKeySetFromJSON(payload []byte, ttl time.Duration) (PublicKeySet, error)

NewPublicKeySetFromJSON will accept a JSON payload in the format of the JSONKeyResponse and parse it into a PublicKeySet.

func NewPublicKeySetFromURL

func NewPublicKeySetFromURL(hc *http.Client, url string, defaultTTL time.Duration) (PublicKeySet, error)

NewPublicKeySetFromURL will attempt to fetch a JWKS from the given URL and parse it into a PublicKeySet. The endpoint the URL points to must return the same format as the JSONKeyResponse struct.

func (PublicKeySet) Expired

func (ks PublicKeySet) Expired() bool

Expired will return true if the current key set has expired according to its Expiry field.

func (PublicKeySet) GetKey

func (ks PublicKeySet) GetKey(id string) (*rsa.PublicKey, error)

GetKey will look for the given key ID in the key set and return it, if it exists.

type PublicKeySource

type PublicKeySource interface {
	Get(context.Context) (PublicKeySet, error)
}

PublicKeySource is to be used by servers that need to acquire public key sets for verifying inbound requests' JWTs.

func NewReusePublicKeySource

func NewReusePublicKeySource(ks PublicKeySet, src PublicKeySource) PublicKeySource

NewReusePublicKeySource is a wrapper around PublicKeySources to only fetch a new key set once the current key cache has expired.

type Verifier

type Verifier struct {
	// contains filtered or unexported fields
}

Verifier is a generic tool for verifying JWT tokens.

func NewVerifier

func NewVerifier(ks PublicKeySource, df ClaimsDecoderFunc, vf VerifyFunc) *Verifier

NewVerifier returns a generic Verifier that will use the given funcs and key source.

func (Verifier) Verify

func (c Verifier) Verify(ctx context.Context, token string) (bool, error)

Verify will accept an opaque JWT token, decode it and verify it.

func (Verifier) VerifyInboundKitContext

func (c Verifier) VerifyInboundKitContext(ctx context.Context) (bool, error)

VerifyInboundKitContext is meant to be used within a go-kit stack that has populated the context with common headers, specifically kit/transport/http.ContextKeyRequestAuthorization.

func (Verifier) VerifyRequest added in v1.2.6

func (c Verifier) VerifyRequest(r *http.Request) (bool, error)

VerifyRequest will pull the token from the "Authorization" header of the inbound request then decode and verify it.

type VerifyFunc

type VerifyFunc func(context.Context, interface{}) bool

VerifyFunc will be called by Verify if all other checks on the token pass. Developers should use this to encapsulate any business logic involved with token verification.
