config

package

v1.2.7 Latest Latest Go to latest Published: Mar 6, 2021 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/greenpau/caddy-auth-jwt

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type CommonTokenConfig
- func NewCommonTokenConfig() *CommonTokenConfig
type HMACSignMethodConfig
type RSASignMethodConfig
type TokenValidatorOptions
- func NewTokenValidatorOptions() *TokenValidatorOptions
- func (opts *TokenValidatorOptions) Clone() *TokenValidatorOptions

Constants ¶

View Source

const EnvTokenRSADir = "JWT_RSA_DIR"

EnvTokenRSADir the env variable used to indicate a directory

View Source

const EnvTokenRSAFile = "JWT_RSA_FILE"

EnvTokenRSAFile then env variable (or prefix) used to indicate a file containing a RS key

View Source

const EnvTokenRSAKey = "JWT_RSA_KEY"

EnvTokenRSAKey the env variable (or prefix) used to indicte a RS key

View Source

const EnvTokenSecret = "JWT_TOKEN_SECRET"

EnvTokenSecret the env variable used to indicate shared secret key

Variables ¶

View Source

var SigningMethods = map[string]struct{}{
	"HS256": {},
	"HS384": {},
	"HS512": {},
	"RS256": {},
	"RS384": {},
	"RS512": {},
}

SigningMethods are supported JWT token signing methods

Functions ¶

This section is empty.

Types ¶

type CommonTokenConfig ¶

type CommonTokenConfig struct {
	TokenSignMethod string `json:"token_sign_method,omitempty" xml:"token_sign_method,omitempty" yaml:"token_sign_method,omitempty"`
	TokenName       string `json:"token_name,omitempty" xml:"token_name" yaml:"token_name"`
	TokenOrigin     string `json:"token_origin,omitempty" xml:"token_origin" yaml:"token_origin"`
	// The expiration time of a token in seconds
	TokenLifetime      int    `json:"token_lifetime,omitempty" xml:"token_lifetime" yaml:"token_lifetime"`
	TokenSigningMethod string `json:"token_signing_method,omitempty" xml:"token_signing_method" yaml:"token_signing_method"`

	HMACSignMethodConfig
	RSASignMethodConfig
	// contains filtered or unexported fields
}

CommonTokenConfig is common token-related configuration settings. The setting are used by TokenProvider and TokenValidator.

func NewCommonTokenConfig ¶

func NewCommonTokenConfig() *CommonTokenConfig

NewCommonTokenConfig returns an instance of CommonTokenConfig.

func (*CommonTokenConfig) AddRSAPublicKey ¶

func (c *CommonTokenConfig) AddRSAPublicKey(keyID string, keyMaterial interface{}) error

AddRSAPublicKey adds RSA public key to the map of RSA keys.

func (*CommonTokenConfig) AddTokenKey ¶

func (c *CommonTokenConfig) AddTokenKey(k string, pk interface{})

AddTokenKey adds token key.

func (*CommonTokenConfig) GetKeys ¶

func (c *CommonTokenConfig) GetKeys() map[string]interface{}

GetKeys returns a map with RSA keys.

func (*CommonTokenConfig) GetPrivateKey ¶

func (c *CommonTokenConfig) GetPrivateKey() (*rsa.PrivateKey, string, error)

GetPrivateKey returns the first RSA private key it finds.

func (*CommonTokenConfig) GetTokenKeys ¶

func (c *CommonTokenConfig) GetTokenKeys() map[string]interface{}

GetTokenKeys returns token keys.

func (*CommonTokenConfig) HasRSAKeys ¶

func (c *CommonTokenConfig) HasRSAKeys() bool

HasRSAKeys returns true if the configuration has RSA encryption keys and files

type HMACSignMethodConfig ¶

type HMACSignMethodConfig struct {
	TokenSecret string `json:"token_secret,omitempty" xml:"token_secret" yaml:"token_secret"`
}

HMACSignMethodConfig holds configuration for signing messages by means of a shared key.

type RSASignMethodConfig ¶

type RSASignMethodConfig struct {
	// TokenRSDir holds the absolute path to where a nested directory of key paths are, otherwise the name of the file
	// is used as the kid and the values are parse into TokenRSKeys
	TokenRSADir string `json:"token_rsa_dir,omitempty" xml:"token_rsa_dir" yaml:"token_rsa_dir"`

	// TokenRSFiles holds a map of <kid> to filename. These files should hold the public or private key. They are parsed to TokenRSKeys values
	TokenRSAFiles map[string]string `json:"token_rsa_files,omitempty" xml:"token_rsa_files" yaml:"token_rsa_files"`

	// TokenRSKeys holds a map of <kid> to the key PEM value
	TokenRSAKeys map[string]string `json:"token_rsa_keys,omitempty" xml:"token_rsa_keys" yaml:"token_rsa_keys"`

	TokenRSAFile string `json:"token_rsa_file,omitempty" xml:"token_rsa_file" yaml:"token_rsa_file"`
	TokenRSAKey  string `json:"token_rsa_key,omitempty" xml:"token_rsa_key" yaml:"token_rsa_key"`
}

RSASignMethodConfig holds data for RSA keys that can be used to sign and verify JWT tokens TokenRSDirectory is a directory that is like:

<kid>'s can only contain ascii letters/numbers and underscores. (otherwise they are not loaded)

+-- <kid_1>
      +-- private.key
+-- <kid_2>
      +-- public.key
+-- kid_3.key
+-- kid_4.key
+-- kid.5.key

The above directory will result in a TokenRSKeys that looks like:

TokenRSKeys{
    "kid_1_private": "---- RSA PRIVATE KEY ---- ...",
    "kid_2_public": "---- RSA PUBLIC KEY ---- ...",
    "kid_3": "---- RSA PRIVATE KEY ---- ...",
    "kid_4": "---- RSA PUBLIC KEY ---- ...",
    // there is no "kid.5" becuase the "." is invalid.
}

There only needs to be public keys loaded for verification. If you're using the Grantor method then you need to load a PrivateKey so that keys can be signed.

The TokenRS fields translate to the following config values:

"token_rs_dir": "<path to dir>" "token_rs_files": {"<kid>": "<path to file>", ...} "token_rs_keys": {"<kid>": "<key PEM value>", ...}

there are two special config values:

"token_rs_file": "<path to file>" "token_rs_key": "<key PEM value>"

The above two variables map to a <kid> of "0", these are always evaluated first so they can be overwritten if a <kid> of "0" is used explictly

The TokenRS fields translate to the following enviornment variables:

JWT_RS_DIR="<path to dir>" JWT_RS_FILE_<kid>="<path to file>" JWT_RS_KEY_<kid>="<key PEM value>"

there are two special environment variables:

JWT_RS_FILE="<path to file>" JWT_RS_KEY="<key PEM value>"

The above two variables map to a <kid> of "0", these are always evaluated first so they can be overwritten if a <kid> of "0" is used explictly

Enviroment variable KID's get lowercased. All other KID's are left untouched.

type TokenValidatorOptions ¶

type TokenValidatorOptions struct {
	ValidateSourceAddress       bool
	SourceAddress               string
	ValidateBearerHeader        bool
	ValidateMethodPath          bool
	ValidateAccessListPathClaim bool
	ValidateAllowMatchAll       bool

	Metadata map[string]interface{}
	Logger   *zap.Logger
}

TokenValidatorOptions provides options for TokenValidator

func NewTokenValidatorOptions ¶

func NewTokenValidatorOptions() *TokenValidatorOptions

NewTokenValidatorOptions returns an instance of TokenValidatorOptions

func (*TokenValidatorOptions) Clone ¶

func (opts *TokenValidatorOptions) Clone() *TokenValidatorOptions

Clone makes a copy of TokenValidatorOptions without metadata.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL