Documentation
¶
Overview ¶
Package jwt provides helpers for validating JSON Web Tokens (JWT) and composing claim predicates.
Index ¶
- func CustomClaimsFromContext[T any](ctx context.Context) T
- func RegisteredClaimsFromContext(ctx context.Context) *jwt.RegisteredClaims
- func WithLabel(key, value string) func(*ValidatorDebugger)
- func WithLogger(logger zerolog.Logger) func(*ValidatorDebugger)
- type ClaimKey
- type ClaimPredicate
- type MultiValidator
- type PredicateValidator
- type RegisteredClaims
- type TokenValidator
- func NewMultiValidatorFromConfig(configs []ValidatorConfig, opts ...ValidatorOpt) (TokenValidator, error)
- func NewValidatorFromConfig(cfg *ValidatorConfig) (TokenValidator, error)
- func NewValidatorFromConfigWithOptions(cfg *ValidatorConfig, opts ...ValidatorOpt) (TokenValidator, error)
- func NewValidatorsFromConfig(configs []ValidatorConfig, opts ...ValidatorOpt) ([]TokenValidator, error)
- type ValidatorConfig
- type ValidatorDebugOpts
- type ValidatorDebugger
- type ValidatorOpt
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CustomClaimsFromContext ¶
CustomClaimsFromContext extracts custom claims from the context.
func RegisteredClaimsFromContext ¶
func RegisteredClaimsFromContext(ctx context.Context) *jwt.RegisteredClaims
RegisteredClaimsFromContext extracts registered claims from the context.
func WithLabel ¶
func WithLabel(key, value string) func(*ValidatorDebugger)
WithLabel enriches the logger with a label.
func WithLogger ¶
func WithLogger(logger zerolog.Logger) func(*ValidatorDebugger)
WithLogger sets the logger on the validator debugger.
Types ¶
type ClaimPredicate ¶
ClaimPredicate defines an interface for validating JWT claims.
func And ¶
func And(children ...ClaimPredicate) ClaimPredicate
And combines the children with an AND
func ParseClaimPredicates ¶
func ParseClaimPredicates(input any) ClaimPredicate
ParseClaimPredicates parses the input into a claim predicate
type MultiValidator ¶
type MultiValidator struct {
Validators []TokenValidator
}
MultiValidator attempts to validate tokens using multiple validators in sequence.
func (*MultiValidator) String ¶
func (v *MultiValidator) String() string
func (*MultiValidator) ValidateToken ¶
type PredicateValidator ¶
type PredicateValidator struct {
ParentValidator TokenValidator
Predicate ClaimPredicate
}
PredicateValidator wraps a TokenValidator and applies additional claim predicate validation.
func (*PredicateValidator) String ¶
func (v *PredicateValidator) String() string
func (*PredicateValidator) ValidateToken ¶
type RegisteredClaims ¶
type RegisteredClaims = jwt.RegisteredClaims
RegisteredClaims is an alias for the standard JWT registered claims.
type TokenValidator ¶
type TokenValidator interface {
ValidateToken(ctx context.Context, tokenString string) (any, error)
String() string
}
TokenValidator defines the interface for validating tokens.
func NewMultiValidatorFromConfig ¶
func NewMultiValidatorFromConfig(configs []ValidatorConfig, opts ...ValidatorOpt) (TokenValidator, error)
NewMultiValidatorFromConfig creates a MultiValidator from multiple configs.
func NewValidatorFromConfig ¶
func NewValidatorFromConfig(cfg *ValidatorConfig) (TokenValidator, error)
NewValidatorFromConfig creates a TokenValidator from a ValidatorConfig.
func NewValidatorFromConfigWithOptions ¶
func NewValidatorFromConfigWithOptions(cfg *ValidatorConfig, opts ...ValidatorOpt) (TokenValidator, error)
NewValidatorFromConfigWithOptions creates a TokenValidator from a ValidatorConfig using custom options.
func NewValidatorsFromConfig ¶
func NewValidatorsFromConfig(configs []ValidatorConfig, opts ...ValidatorOpt) ([]TokenValidator, error)
NewValidatorsFromConfig creates multiple validators from configs.
type ValidatorConfig ¶
type ValidatorConfig struct {
Issuer string `json:"issuer" mapstructure:"issuer"`
Audiences []string `json:"audiences" mapstructure:"audiences"`
SignatureAlgorithm string `json:"signature_algorithm" mapstructure:"signature_algorithm"`
CacheTTL int `json:"cache_ttl_seconds" mapstructure:"cache_ttl_seconds"`
AllowedClockSkew int `json:"allowed_clock_skew_seconds" mapstructure:"allowed_clock_skew_seconds"`
Debug bool `json:"debug" mapstructure:"debug"`
ClaimPredicate map[string]any `json:"claim_predicates" mapstructure:"claim_predicates"`
}
ValidatorConfig contains configuration for a JWT token validator.
func FromMap ¶
func FromMap(m map[string]any) ValidatorConfig
FromMap creates a ValidatorConfig from a map.
type ValidatorDebugOpts ¶
type ValidatorDebugOpts func(*ValidatorDebugger)
ValidatorDebugOpts is a functional option for configuring a ValidatorDebugger.
type ValidatorDebugger ¶
type ValidatorDebugger struct {
// contains filtered or unexported fields
}
ValidatorDebugger wraps a TokenValidator with debug logging capabilities.
func NewValidatorDebugger ¶
func NewValidatorDebugger(validator TokenValidator, opts ...ValidatorDebugOpts) *ValidatorDebugger
NewValidatorDebugger wraps a TokenValidator with debug logging.
func (*ValidatorDebugger) String ¶
func (v *ValidatorDebugger) String() string
func (*ValidatorDebugger) ValidateToken ¶
type ValidatorOpt ¶
type ValidatorOpt func(*validatorOptions)
ValidatorOpt configures validator creation.
func WithValidatorJWKSProvider ¶
func WithValidatorJWKSProvider(provider *jwks.CachingProvider) ValidatorOpt
WithValidatorJWKSProvider sets a custom JWKS caching provider.
func WithValidatorKeyFunc ¶
func WithValidatorKeyFunc(keyFunc func(context.Context) (any, error)) ValidatorOpt
WithValidatorKeyFunc sets a custom key function for validation.
Source Files