verifier

Documentation

Index

• Variables
• type Certs
  • func (c *Certs) Key(id string) *rsa.PublicKey
• type GoogleClaims
• type StandardClaims
  • func (c *StandardClaims) SetAllowedSkew(skew time.Duration)
  • func (c StandardClaims) Valid() error
  • func (c *StandardClaims) VerifyAudience(audience string) bool
  • func (c *StandardClaims) VerifyDomain(domain string) bool
• type Verifier
  • func NewVerifier() *Verifier
  • func (v *Verifier) VerifyIDToken(token string, claims GoogleClaims) error
  • func (v *Verifier) WithAudiences(audiences ...string) *Verifier
  • func (v *Verifier) WithDomains(domains ...string) *Verifier

Variables

var (
	ErrWrongSignature    = errors.New("token uses the wrong signature algorithm")
	ErrPublicKeyNotFound = errors.New("token references unknown public key")
	ErrInvalidToken      = errors.New("token is invalid")
	ErrIssuedAt          = errors.New("token used before issued")
	ErrExpired           = errors.New("token is expired")
	ErrInvalidIssuer     = errors.New("token has an invalid issuer")
	ErrInvalidAudience   = errors.New("token has an invalid audience")
	ErrInvalidDomain     = errors.New("token has an invalid domain")
)

var (
	// TimeFunc provides the current time when parsing token to validate "exp" claim (expiration time).
	// You can override it to use another time value.  This is useful for testing or if your
	// server uses a different time zone than your tokens.
	TimeFunc = time.Now
)

Types

type Certs

type Certs struct {
	Keys   map[string]*rsa.PublicKey
	Expiry time.Time
}

func (*Certs) Key

func (c *Certs) Key(id string) *rsa.PublicKey

type GoogleClaims

type GoogleClaims interface {
	Valid() error
	VerifyAudience(audience string) bool
	VerifyDomain(domain string) bool
}

type StandardClaims

type StandardClaims struct {
	Issuer          string `json:"iss"`
	AuthorizedParty string `json:"azp"`
	Audience        string `json:"aud"`
	Subject         string `json:"sub"`
	Email           string `json:"email"`
	EmailVerified   bool   `json:"email_verified"`
	AtHash          string `json:"at_hash"`
	Name            string `json:"name"`
	Picture         string `json:"picture"`
	GivenName       string `json:"given_name"`
	FamilyName      string `json:"family_name"`
	Locale          string `json:"locale"`
	HD              string `json:"hd"`
	IssuedAt        int64  `json:"iat"`
	ExpiresAt       int64  `json:"exp"`
	// contains filtered or unexported fields
}

func (*StandardClaims) SetAllowedSkew

func (c *StandardClaims) SetAllowedSkew(skew time.Duration)

func (StandardClaims) Valid

func (c StandardClaims) Valid() error

Validates time based claims "exp, iat, nbf". There is no accounting for clock skew. As well, if any of the above claims are not in the token, it will still be considered a valid claim.

func (*StandardClaims) VerifyAudience

func (c *StandardClaims) VerifyAudience(audience string) bool

Compares the Audience claim against audience. If required is false, this method will return true if the value matches or is unset

func (*StandardClaims) VerifyDomain

func (c *StandardClaims) VerifyDomain(domain string) bool

Compares the Domain claim against domain. If required is false, this method will return true if the value matches or is unset

type Verifier

type Verifier struct {
	Audiences *[]string
	Domains   *[]string
}

func NewVerifier

func NewVerifier() *Verifier

func (*Verifier) VerifyIDToken

func (v *Verifier) VerifyIDToken(token string, claims GoogleClaims) error

func (*Verifier) WithAudiences

func (v *Verifier) WithAudiences(audiences ...string) *Verifier

func (*Verifier) WithDomains

func (v *Verifier) WithDomains(domains ...string) *Verifier