dpop

package
v0.1.1

Warning: This package is not in the latest version of its module.
Published: Feb 21, 2022 License: Apache-2.0 Imports: 12 Imported by: 4

Documentation

Constants

const (
	// HTTPHeader header name for DPoP
	HTTPHeader = "DPoP"
	// ContentType value
	ContentType = "application/dpop+jwt"
)
const (
	// DefaultExpiration for the proof
	DefaultExpiration = time.Minute * 10
	// DefaultNotBefore offset for NotBefore
	DefaultNotBefore = -10 * time.Minute
)
const (
	// CnfThumbprint is the claim name for JKT thumbprint
	CnfThumbprint = "jkt"
)

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-04

Variables

var TimeNowFn = time.Now

TimeNowFn to override in unit tests

Functions

This section is empty.

Types

type Claims

type Claims struct {
	jwt.Claims
	Nonce      string `json:"nonce,omitempty"`
	HTTPMethod string `json:"htm,omitempty"`
	HTTPUri    string `json:"htu,omitempty"`
}

Claims are common claims in the DPoP proof JWT.

type Result

type Result struct {
	Claims     *Claims
	Key        *jose.JSONWebKey
	Thumbprint string
}

Result is returned from VerifyClaims

func VerifyClaims

func VerifyClaims(cfg VerifyConfig, req *http.Request) (*Result, error)

VerifyClaims returns DPoP claims, raw claims, key; or error

type Signer

type Signer interface {
	// ForRequest annotates an HTTP Request with a DPoP header.
	ForRequest(r *http.Request, extraClaims interface{}) (string, error)
	// JWKThumbprint returns base64 hash of the key
	JWKThumbprint() string
}

Signer specifies an interface to sign HTTP requests with DPoP

func NewSigner

func NewSigner(s crypto.Signer) (Signer, error)

NewSigner creates a DPoP signer that can generate DPoP headers for a request.

type VerifyConfig

type VerifyConfig struct {
	// ExpectedIssuer validates the iss claim of a JWT matches this value
	ExpectedIssuer string
	// ExpectedSubject validates the sub claim of a JWT matches this value
	ExpectedSubject string
	// ExpectedAudience validates that the aud claim of a JWT contains this value
	ExpectedAudience string
	// ExpectedNonce validates that the nonce claim of a JWT contains this value
	ExpectedNonce string
	// EnableQuery specifies to get `dpop` header from the QueryString
	EnableQuery bool
}

VerifyConfig expresses the possible options for validating a JWT
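
The `htm`, `htu` and `nonce` fields of Claims and the two time constants let a verifier bind a proof to one request and one short time window. The following is an added example using only the standard library, not this package's code and not a description of how VerifyClaims is implemented; it applies those checks to claims whose signature is assumed to be already verified. The `proof` type, `checkProof`, `sampleRequest` and the `as.example` host are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Page's DefaultExpiration/DefaultNotBefore; bounding proof age with them is assumed.
const defaultExpiration, defaultNotBefore = 10 * time.Minute, -10 * time.Minute

// proof is a hypothetical stand-in for signature-verified DPoP claims.
type proof struct {
	Nonce, HTM, HTU string
	IssuedAt        time.Time
}

// sampleRequest builds a constructed inbound request; https targets get r.TLS set.
func sampleRequest(method, target string) *http.Request {
	return httptest.NewRequest(method, target, nil)
}

// checkProof binds a proof to its request; htu excludes query and fragment.
func checkProof(p proof, r *http.Request, wantNonce string, now time.Time) error {
	if p.HTM != r.Method {
		return fmt.Errorf("htm %q does not match method %q", p.HTM, r.Method)
	}
	scheme := "http"
	if r.TLS != nil {
		scheme = "https"
	}
	if want := scheme + "://" + r.Host + r.URL.Path; p.HTU != want {
		return fmt.Errorf("htu %q does not match %q", p.HTU, want)
	}
	if wantNonce != "" && p.Nonce != wantNonce {
		return fmt.Errorf("nonce mismatch")
	}
	if d := now.Sub(p.IssuedAt); d < defaultNotBefore || d >= defaultExpiration {
		return fmt.Errorf("proof outside its validity window")
	}
	return nil
}

func main() {
	now, r := time.Now(), sampleRequest("POST", "https://as.example/token?x=1")
	p := proof{"n-1", "POST", "https://as.example/token", now}
	fmt.Println(checkProof(p, r, "n-1", now), checkProof(p, r, "n-1", now.Add(11*time.Minute)))
}
```

The scheme is derived from `r.TLS` because a server-side `r.URL` normally carries only the path; behind a TLS-terminating proxy the externally visible scheme and host have to come from trusted configuration instead.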
