validator

package
v2.2.1 Latest
Warning

This package is not in the latest version of its module.
Published: Jan 22, 2024 License: MIT Imports: 5 Imported by: 101

Documentation

Overview

Package validator contains an implementation of jwtmiddleware.ValidateToken using the Square go-jose package version 2.

The implementation handles some nuances around JWTs and supports:

- a key func to pull the key(s) used to verify the token signature
- verifying the signature algorithm is what it should be
- validation of "regular" claims
- validation of custom claims
- clock skew allowances

When this package is used, tokens are returned as `JSONWebToken` from the gopkg.in/square/go-jose.v2/jwt package.

Note that while the jose package does support multi-recipient JWTs, this package does not support them.

Constants

const (
	EdDSA = SignatureAlgorithm("EdDSA")
	HS256 = SignatureAlgorithm("HS256") // HMAC using SHA-256
	HS384 = SignatureAlgorithm("HS384") // HMAC using SHA-384
	HS512 = SignatureAlgorithm("HS512") // HMAC using SHA-512
	RS256 = SignatureAlgorithm("RS256") // RSASSA-PKCS-v1.5 using SHA-256
	RS384 = SignatureAlgorithm("RS384") // RSASSA-PKCS-v1.5 using SHA-384
	RS512 = SignatureAlgorithm("RS512") // RSASSA-PKCS-v1.5 using SHA-512
	ES256 = SignatureAlgorithm("ES256") // ECDSA using P-256 and SHA-256
	ES384 = SignatureAlgorithm("ES384") // ECDSA using P-384 and SHA-384
	ES512 = SignatureAlgorithm("ES512") // ECDSA using P-521 and SHA-512
	PS256 = SignatureAlgorithm("PS256") // RSASSA-PSS using SHA256 and MGF1-SHA256
	PS384 = SignatureAlgorithm("PS384") // RSASSA-PSS using SHA384 and MGF1-SHA384
	PS512 = SignatureAlgorithm("PS512") // RSASSA-PSS using SHA512 and MGF1-SHA512
)

Signature algorithms

Variables

This section is empty.

Functions

This section is empty.

Types

type CustomClaims

type CustomClaims interface {
	Validate(context.Context) error
}

CustomClaims defines any custom data / claims wanted. The Validator will call the Validate function, which is where custom validation logic can be defined.

type Option

type Option func(*Validator)

Option is how options for the Validator are set up.

func WithAllowedClockSkew

func WithAllowedClockSkew(skew time.Duration) Option

WithAllowedClockSkew is an option which sets up the allowed clock skew for the token. Note that in order to use this, the expected claims Time field MUST NOT be zero (time.IsZero()). If this option is not used, clock skew is not allowed.

func WithCustomClaims

func WithCustomClaims(f func() CustomClaims) Option

WithCustomClaims sets up a function that returns the CustomClaims object into which the token's claims are unmarshalled and on which Validate is then called for custom validation. If this option is not used, the Validator will do nothing for custom claims.
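
A custom-claims type for the CustomClaims / WithCustomClaims flow described above, as an added example (not code from this package or its authors). The CustomClaims interface is re-declared locally so the block runs without the module; APIClaims, the "scope" and "tenant" claim names, the "read:reports" scope, NewClaims and CheckPayload are assumptions for illustration.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// CustomClaims is re-declared from the docs above; real code uses validator.CustomClaims.
type CustomClaims interface {
	Validate(context.Context) error
}

// APIClaims is a hypothetical claims type; claim names and required scope are assumptions.
type APIClaims struct {
	Scope  string `json:"scope"`
	Tenant string `json:"tenant"`
}

// Validate fails closed: an absent claim is an error, never a pass.
func (c *APIClaims) Validate(ctx context.Context) error {
	if c.Tenant == "" {
		return errors.New("tenant claim missing")
	}
	// Match whole space-delimited tokens: "read:reports-all" must not satisfy "read:reports".
	for _, s := range strings.Fields(c.Scope) {
		if s == "read:reports" {
			return nil
		}
	}
	return errors.New("required scope read:reports missing")
}

// NewClaims has the func() CustomClaims shape that WithCustomClaims takes.
func NewClaims() CustomClaims { return &APIClaims{} }

// CheckPayload imitates the documented flow: unmarshal into the factory's object, then Validate.
func CheckPayload(payload []byte) error {
	c := NewClaims()
	if err := json.Unmarshal(payload, c); err != nil {
		return fmt.Errorf("decode claims: %w", err)
	}
	return c.Validate(context.Background())
}

func main() { // constructed sample payload with a look-alike scope
	fmt.Println(CheckPayload([]byte(`{"scope":"read:reports-all","tenant":"acme"}`)))
}
```

With the real package, NewClaims would be passed as validator.WithCustomClaims(NewClaims) to New, and the Validator would perform the unmarshal and Validate call itself after the signature check.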

type RegisteredClaims

type RegisteredClaims struct {
	Issuer    string   `json:"iss,omitempty"`
	Subject   string   `json:"sub,omitempty"`
	Audience  []string `json:"aud,omitempty"`
	Expiry    int64    `json:"exp,omitempty"`
	NotBefore int64    `json:"nbf,omitempty"`
	IssuedAt  int64    `json:"iat,omitempty"`
	ID        string   `json:"jti,omitempty"`
}

RegisteredClaims represents public claim values (as specified in RFC 7519).

type SignatureAlgorithm

type SignatureAlgorithm string

SignatureAlgorithm is a signature algorithm.

type ValidatedClaims

type ValidatedClaims struct {
	CustomClaims     CustomClaims
	RegisteredClaims RegisteredClaims
}

ValidatedClaims is the struct that will be inserted into the context for the user. CustomClaims will be nil unless WithCustomClaims is passed to New.

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

Validator to use with the jose v2 package.

func New

func New(
	keyFunc func(context.Context) (interface{}, error),
	signatureAlgorithm SignatureAlgorithm,
	issuerURL string,
	audience []string,
	opts ...Option,
) (*Validator, error)

New sets up a new Validator with the required keyFunc and signatureAlgorithm as well as custom options.

func (*Validator) ValidateToken

func (v *Validator) ValidateToken(ctx context.Context, tokenString string) (interface{}, error)

ValidateToken validates the passed-in JWT using the jose v2 package.
