README
¶
GO JWT Middleware
NOTE: There is just a one-liner change here compared to the original project at the Auth0 report (https://github.com/auth0/go-jwt-middleware). And this may become irrelevant once v2 is released.
Installing
go get github.com/b-venter/auth0-go-jwt-middleware
License
This project is licensed under the MIT license. See the LICENSE file for more info.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FromAuthHeader ¶
FromAuthHeader is a "TokenExtractor" that takes a give request and extracts the JWT token from the Authorization header.
Types ¶
type JWTMiddleware ¶
type JWTMiddleware struct {
Options Options
}
func New ¶
func New(options ...Options) *JWTMiddleware
New constructs a new Secure instance with supplied options.
func (*JWTMiddleware) CheckJWT ¶
func (m *JWTMiddleware) CheckJWT(w http.ResponseWriter, r *http.Request) error
func (*JWTMiddleware) HandlerWithNext ¶
func (m *JWTMiddleware) HandlerWithNext(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
HandlerWithNext is a special implementation for Negroni, but could be used elsewhere.
type Options ¶
type Options struct {
// The function that will return the Key to validate the JWT.
// It can be either a shared secret or a public key.
// Default value: nil
ValidationKeyGetter jwt.Keyfunc
// The name of the property in the request where the user information
// from the JWT will be stored.
// Default value: "user"
UserProperty string
// The function that will be called when there's an error validating the token
// Default value:
ErrorHandler errorHandler
// A boolean indicating if the credentials are required or not
// Default value: false
CredentialsOptional bool
// A function that extracts the token from the request
// Default: FromAuthHeader (i.e., from Authorization header as bearer token)
Extractor TokenExtractor
// Debug flag turns on debugging output
// Default: false
Debug bool
// When set, all requests with the OPTIONS method will use authentication
// Default: false
EnableAuthOnOptions bool
// When set, the middelware verifies that tokens are signed with the specific signing algorithm
// If the signing method is not constant the ValidationKeyGetter callback can be used to implement additional checks
// Important to avoid security issues described here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
// Default: nil
SigningMethod jwt.SigningMethod
}
Options is a struct for specifying configuration options for the middleware.
type TokenExtractor ¶
TokenExtractor is a function that takes a request as input and returns either a token or an error. An error should only be returned if an attempt to specify a token was found, but the information was somehow incorrectly formed. In the case where a token is simply not present, this should not be treated as an error. An empty string should be returned in that case.
func FromFirst ¶
func FromFirst(extractors ...TokenExtractor) TokenExtractor
FromFirst returns a function that runs multiple token extractors and takes the first token it finds
func FromParameter ¶
func FromParameter(param string) TokenExtractor
FromParameter returns a function that extracts the token from the specified query string parameter
Source Files