Documentation
Constants
const (
	// HTTPHeader header name for DPoP
	HTTPHeader = "DPoP"
	// ContentType value
	ContentType = "application/dpop+jwt"
)
const (
	// DefaultExpiration for the proof
	DefaultExpiration = time.Minute * 10
	// DefaultNotBefore offset for NotBefore
	DefaultNotBefore = -10 * time.Minute
)
const (
	// CnfThumbprint is the claim name for JKT thumbprint
	CnfThumbprint = "jkt"
)
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-04
Variables
var TimeNowFn = time.Now
TimeNowFn to override in unit tests
Functions
This section is empty.
Types
type Claims
type Claims struct {
	jwt.Claims
	Nonce      string `json:"nonce,omitempty"`
	HTTPMethod string `json:"htm,omitempty"`
	HTTPUri    string `json:"htu,omitempty"`
}
Claims are common claims in the DPoP proof JWT.
type Result
Result is returned from VerifyClaims
func VerifyClaims
func VerifyClaims(cfg VerifyConfig, req *http.Request) (*Result, error)
VerifyClaims returns DPoP claims, raw claims, key; or error
type Signer
type Signer interface {
	// ForRequest annotates an HTTP Request with a DPoP header.
	ForRequest(r *http.Request, extraClaims interface{}) (string, error)
	// JWKThumbprint returns base64 hash of the key
	JWKThumbprint() string
}
Signer specifies an interface to sign HTTP requests with DPoP
type VerifyConfig
type VerifyConfig struct {
	// ExpectedIssuer validates the iss claim of a JWT matches this value
	ExpectedIssuer string
	// ExpectedSubject validates the sub claim of a JWT matches this value
	ExpectedSubject string
	// ExpectedAudience validates that the aud claim of a JWT contains this value
	ExpectedAudience string
	// ExpectedNonce validates that the nonce claim of a JWT contains this value
	ExpectedNonce string
	// EnableQuery specifies to get the `dpop` header from the query string
	EnableQuery bool
}
VerifyConfig expresses the possible options for validating a JWT
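The checks a verifier applies to the `htm`, `htu`, `nonce` and `jkt` values documented above, written with the standard library only. This is an added example, not this package's VerifyClaims implementation: `Proof`, `Thumbprint`, `CheckProof`, the `origin` parameter and the sample values are assumptions, and the proof's signature is assumed to be verified before these checks run.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// Proof holds values from a DPoP proof whose signature is already verified (hypothetical type).
type Proof struct {
	HTM, HTU, Nonce string    // htm, htu and nonce claims
	X, Y            []byte    // raw P-256 coordinates from the header "jwk"
	IssuedAt        time.Time // iat claim
}

// Thumbprint: RFC 7638 SHA-256 thumbprint of a P-256 JWK (required members, sorted, no whitespace).
func Thumbprint(x, y []byte) string {
	enc := base64.RawURLEncoding.EncodeToString
	sum := sha256.Sum256([]byte(`{"crv":"P-256","kty":"EC","x":"` + enc(x) + `","y":"` + enc(y) + `"}`))
	return enc(sum[:])
}

// CheckProof binds the proof to request, nonce, time and key; origin is the configured external origin (assumed).
func CheckProof(p Proof, r *http.Request, origin, jkt, nonce string, now time.Time) error {
	switch age := now.Sub(p.IssuedAt); {
	case p.HTM != r.Method:
		return errors.New("htm does not match request method")
	case p.HTU != origin+r.URL.Path: // query and fragment are not part of htu
		return errors.New("htu does not match request URI")
	case nonce != "" && p.Nonce != nonce:
		return errors.New("nonce mismatch")
	case age > 10*time.Minute || age < -10*time.Minute: // mirrors the page's 10-minute defaults
		return errors.New("iat outside accepted window")
	case subtle.ConstantTimeCompare([]byte(Thumbprint(p.X, p.Y)), []byte(jkt)) != 1:
		return errors.New("proof key does not match cnf.jkt")
	}
	return nil
}

func main() {
	now, x, y := time.Unix(1700000000, 0), make([]byte, 32), make([]byte, 32) // constructed inputs
	r, _ := http.NewRequest("POST", "https://rs.example/resource?page=2", nil)
	p := Proof{"POST", "https://rs.example/resource", "n-1", x, y, now.Add(-time.Minute)}
	fmt.Println("bound key:", CheckProof(p, r, "https://rs.example", Thumbprint(x, y), "n-1", now))
	fmt.Println("other key:", CheckProof(p, r, "https://rs.example", "other-key-jkt", "n-1", now))
}
```

The key comparison is what makes a stolen access token unusable without the matching private key; the `htm`, `htu`, nonce and `iat` checks limit replay of a captured proof.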