Documentation ¶
Index ¶
- func GeneratePasswordHash(plainTextPassword string, iterations uint32) (string, error)
- func GenerateRandomBase64(length uint) (string, error)
- func GenerateSignedCSRFID(plaintextCSRFID string, secretKey []byte) (string, error)
- func GenerateSignedJWT(payload *Claims, privateKeyBytes []byte) (string, error)
- func VerifyPasswordHash(plaintextPassword string, passwordHash string) error
- func VerifySignedCSRFID(plaintextCSRFID string, hashedCSRFID string, secretKey []byte) error
- type ActionKind
- type Claims
- type StandardClaims
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GeneratePasswordHash ¶
GeneratePasswordHash generates a password hash from its plaintext form.
This uses Argon2id key derivation function.
func GenerateRandomBase64 ¶
GenerateRandomBase64 generates a cryptograhically secure random vector of bytes of specified encoded as base64.
func GenerateSignedCSRFID ¶
GenerateSignedCSRFID generates a signed and hashed CSRF ID from its plaintext form using provided secret key.
This uses HMAC with SHA512 for hashing.
func GenerateSignedJWT ¶
GenerateSignedJWT generates a JWT token from payload signed by a private key.
This uses an ECDSA P-521 asymmetric encryption with SHA-512 hashing.
func VerifyPasswordHash ¶
VerifyPasswordHash verfies that password hash was generated from the plaintext password.
Types ¶
type ActionKind ¶
type ActionKind string
ActionKind represents a Claim Action kind
const ( PreSession ActionKind = "PreSession" SessionAccess ActionKind = "SessionAccess" SessionRefresh ActionKind = "SessionRefresh" )
...
type Claims ¶
type Claims struct { StandardClaims Email string `json:"email,omitempty"` SignedCSRFID string `json:"signed_csrf_id,omitempty"` Action ActionKind `json:"action,omitempty"` }
Claims is a custom claims type wrapping JWT standard claims.
func DecodeAndVerifySignedJWT ¶
DecodeAndVerifySignedJWT decodes and verifies that the token was signed with associated private key as well as still within expriration limit.
func GeneratePreSessionClaims ¶
GeneratePreSessionClaims generates JWT claims for a pre-session user.
func GenerateSessionClaims ¶
func GenerateSessionClaims(subject string, email string, signedCSRFID string, action ActionKind, expirationInSeconds int) *Claims
GenerateSessionClaims generates JWT claims for a session user.