jwt

package

v0.0.0-...-3452d59 Latest Latest Go to latest Published: Apr 17, 2020 License: MIT Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/galo/pym

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func Authenticator(next http.Handler) http.Handler
func ErrUnauthorized(err error) render.Renderer
func RefreshTokenFromCtx(ctx context.Context) string
type AppClaims
- func ClaimsFromCtx(ctx context.Context) AppClaims
- func (c *AppClaims) ParseClaims(claims jwt.MapClaims) error
type ErrResponse
- func (e *ErrResponse) Render(w http.ResponseWriter, r *http.Request) error
type JWKClient
- func NewJWKClientWithCache(url string, keyCacher KeyCacher) *JWKClient
- func (j *JWKClient) GetKey(ID string) (jose.JSONWebKey, error)
type JWKS
type KeyCacher
- func NewMemoryKeyCacher(maxKeyAge time.Duration, maxCacheSize int) KeyCacher
type Token
- func (t *Token) Claims() jwt.MapClaims
type TokenAuth
- func NewTokenAuth() (*TokenAuth, error)
- func (a *TokenAuth) Verifier() func(http.Handler) http.Handler

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrTokenUnauthorized   = errors.New("token unauthorized")
	ErrTokenExpired        = errors.New("token expired")
	ErrInvalidAccessToken  = errors.New("invalid access token")
	ErrInvalidRefreshToken = errors.New("invalid refresh token")
)

The list of jwt token errors presented to the end user.

View Source

var (
	ErrNoKeyFound = errors.New("no Keys has been found")
	ErrKeyExpired = errors.New("key exists but is expired")

	// Configuring with MaxKeyAgeNoCheck will skip key expiry check
	MaxKeyAgeNoCheck = time.Duration(-1)
	// Configuring with MaxCacheSizeNoCheck will skip key cache size check
	MaxCacheSizeNoCheck = -1
)

View Source

var (
	ErrInvalidContentType = errors.New("should have a JSON content type for JWKS endpoint")
	ErrInvalidAlgorithm   = errors.New("algorithm is invalid")
)

Functions ¶

func Authenticator ¶

func Authenticator(next http.Handler) http.Handler

Authenticator is a default authentication middleware to enforce access from the Verifier middleware request context values. The Authenticator sends a 401 Unauthorized response for any unverified tokens and passes the good ones through.

func ErrUnauthorized ¶

func ErrUnauthorized(err error) render.Renderer

ErrUnauthorized renders status 401 Unauthorized with custom error message.

func RefreshTokenFromCtx ¶

func RefreshTokenFromCtx(ctx context.Context) string

RefreshTokenFromCtx retrieves the parsed refresh token from context.

Types ¶

type AppClaims ¶

type AppClaims struct {
	ClientID string
	Sub      string
	Scopes   []string
}

AppClaims represent the claims parsed from JWT access token.

func ClaimsFromCtx ¶

func ClaimsFromCtx(ctx context.Context) AppClaims

ClaimsFromCtx retrieves the parsed AppClaims from request context.

func (*AppClaims) ParseClaims ¶

func (c *AppClaims) ParseClaims(claims jwt.MapClaims) error

ParseClaims parses JWT claims into AppClaims.

type ErrResponse ¶

type ErrResponse struct {
	Err            error `json:"-"` // low-level runtime error
	HTTPStatusCode int   `json:"-"` // http response status code

	StatusText string `json:"status"`          // user-level status message
	AppCode    int64  `json:"code,omitempty"`  // application-specific error code
	ErrorText  string `json:"error,omitempty"` // application-level error message, for debugging
}

ErrResponse renderer type for handling all sorts of errors.

func (*ErrResponse) Render ¶

func (e *ErrResponse) Render(w http.ResponseWriter, r *http.Request) error

Render sets the application-specific error code in AppCode.

type JWKClient ¶

type JWKClient struct {
	// contains filtered or unexported fields
}

func NewJWKClientWithCache ¶

func NewJWKClientWithCache(url string, keyCacher KeyCacher) *JWKClient

NewJWKClientWithCache creates a new JWKClient instance Passing nil to keyCacher will create a persistent key cacher

func (*JWKClient) GetKey ¶

func (j *JWKClient) GetKey(ID string) (jose.JSONWebKey, error)

GetKey returns the key associated with the provided ID.

type JWKS ¶

type JWKS struct {
	Keys []jose.JSONWebKey `json:"keys"`
}

type KeyCacher ¶

type KeyCacher interface {
	Get(keyID string) (*jose.JSONWebKey, error)
	Add(keyID string, webKeys []jose.JSONWebKey) (*jose.JSONWebKey, error)
}

func NewMemoryKeyCacher ¶

func NewMemoryKeyCacher(maxKeyAge time.Duration, maxCacheSize int) KeyCacher

NewMemoryKeyCacher creates a new Keycacher interface with option to set max age of cached keys and max size of the cache.

type Token ¶

type Token struct {
	ID        int       `json:"id,omitempty"`
	CreatedAt time.Time `json:"created_at,omitempty"`
	UpdatedAt time.Time `json:"updated_at,omitempty"`
	AccountID int       `json:"-"`

	Token      string    `json:"-"`
	Expiry     time.Time `json:"-"`
	Mobile     bool      `sql:",notnull" json:"mobile"`
	Identifier string    `json:"identifier,omitempty"`
}

Token holds refresh jwt information.

func (*Token) Claims ¶

func (t *Token) Claims() jwt.MapClaims

Claims returns the token claims to be signed

type TokenAuth ¶

type TokenAuth struct {
	JwtAuth          *jwtauth.JWTAuth
	JwtExpiry        time.Duration
	JwtRefreshExpiry time.Duration
}

TokenAuth implements JWT authentication flow.

func NewTokenAuth ¶

func NewTokenAuth() (*TokenAuth, error)

NewTokenAuth configures and returns a JWT authentication instance.

func (*TokenAuth) Verifier ¶

func (a *TokenAuth) Verifier() func(http.Handler) http.Handler

Verifier http middleware will verify a jwt string from a http request.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL