Documentation
Overview
Package jwks provides a client for fetching RSA signing keys from a JSON Web Key Set endpoint.
Index
- type Client
- type ClientConfig
- func (c *ClientConfig) WithCacheTimeout(timeout time.Duration) *ClientConfig
- func (c *ClientConfig) WithDebugLogging(enableDebugLogging bool, logger *log.Logger) *ClientConfig
- func (c *ClientConfig) WithRequestTimeout(timeout time.Duration) *ClientConfig
- func (c *ClientConfig) WithStrictTLSPolicy(verificationDisabled bool) *ClientConfig
- type Key
- type Keys
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Client
type Client struct {
// contains filtered or unexported fields
}
Client reads signing keys from a JSON Web Key Set endpoint.
func NewClient
func NewClient(jwksEndpoint string, config *ClientConfig) *Client
NewClient creates a new JWKS client. The client is thread-safe.
type ClientConfig
type ClientConfig struct {
// contains filtered or unexported fields
}
ClientConfig contains configuration for the JWKS client.
func NewConfig
func NewConfig() *ClientConfig
NewConfig creates a new configuration object pre-populated with default values.
func (*ClientConfig) WithCacheTimeout
func (c *ClientConfig) WithCacheTimeout(timeout time.Duration) *ClientConfig
WithCacheTimeout sets the cache TTL for fetched keys.
func (*ClientConfig) WithDebugLogging
func (c *ClientConfig) WithDebugLogging(enableDebugLogging bool, logger *log.Logger) *ClientConfig
WithDebugLogging enables or disables debug logging. If a logger is not specified, the default logger (stderr) will be used.
func (*ClientConfig) WithRequestTimeout
func (c *ClientConfig) WithRequestTimeout(timeout time.Duration) *ClientConfig
WithRequestTimeout sets the request timeout for key requests.
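func (*ClientConfig) WithStrictTLSPolicy
func (c *ClientConfig) WithStrictTLSPolicy(verificationDisabled bool) *ClientConfig
WithStrictTLSPolicy enables or disables TLS certificate verification. The parameter is named verificationDisabled, so confirm which value leaves verification on before relying on it. With verification off, anyone able to intercept the connection to the JWKS endpoint can serve their own signing keys to the client.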
type Key
type Key struct {
	// The "kid" (key ID) parameter is used to match a specific key.
	Kid string `json:"kid"`

	// The "kty" (key type) parameter identifies the cryptographic algorithm
	// family used with the key, such as "RSA" or "EC". "kty" values should
	// either be registered in the IANA "JSON Web Key Types" registry
	// established by or be a value that contains a Collision-resistant name.
	// The "kty" value is a case-sensitive string.
	Kty string `json:"kty"`

	// The "alg" (algorithm) parameter identifies the algorithm intended for
	// use with the key. The values used should either be registered in the
	// IANA "JSON Web Signature and Encryption Algorithms" registry
	// established by JWA or be a value that contains a
	// Collision-Resistant Name. The "alg" value is a case-sensitive ASCII
	// string.
	Alg string `json:"alg"`

	// The "use" (public key use) parameter identifies the intended use of
	// the public key. The "use" parameter is employed to indicate whether
	// a public key is used for encrypting data or verifying the signature
	// on data.
	Use string `json:"use"`

	// The "x5c" (X.509 certificate chain) parameter contains a chain of one
	// or more PKIX certificates. The certificate chain is represented as a
	// JSON array of certificate value strings. Each string in the array is
	// a base64-encoded (not base64url-encoded) DER [ITU.X690.1994] PKIX
	// certificate value.
	X5c []string `json:"x5c"`

	// The "x5t" (X.509 certificate SHA-1 thumbprint) parameter is a
	// base64url-encoded SHA-1 thumbprint of the DER encoding of an X.509
	// certificate.
	X5t string `json:"x5t"`

	// N is the RSA key value modulus.
	N string `json:"n"`

	// E is the RSA key value public exponent.
	E string `json:"e"`
}
Key is a JSON web key returned by the JWKS request.
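Added example, not part of the package or its documentation: one way to validate a Key and turn its N and E fields into an *rsa.PublicKey before using it to verify signatures. The local Key copy, the RSAPublicKey and constructedKey helpers, the 2048-bit minimum and the sample values are assumptions made for this sketch.

```go
package main

import (
	"crypto/rsa"
	"encoding/base64"
	"fmt"
	"math/big"
)

// Key is a local copy of the RSA fields of the Key type documented above.
type Key struct{ Kid, Kty, Alg, Use, N, E string }

// RSAPublicKey (hypothetical helper) checks a JWK and decodes "n" and "e",
// which are unpadded base64url big-endian integers, into a public key.
func RSAPublicKey(k Key) (*rsa.PublicKey, error) {
	if k.Kty != "RSA" {
		return nil, fmt.Errorf("kid %q: kty %q is not RSA", k.Kid, k.Kty)
	}
	if k.Use != "" && k.Use != "sig" {
		return nil, fmt.Errorf("kid %q: use %q is not for signatures", k.Kid, k.Use)
	}
	nb, err := base64.RawURLEncoding.DecodeString(k.N)
	if err != nil {
		return nil, fmt.Errorf("kid %q: modulus: %w", k.Kid, err)
	}
	eb, err := base64.RawURLEncoding.DecodeString(k.E)
	if err != nil {
		return nil, fmt.Errorf("kid %q: exponent: %w", k.Kid, err)
	}
	n, e := new(big.Int).SetBytes(nb), new(big.Int).SetBytes(eb)
	if n.BitLen() < 2048 { // assumed minimum size policy
		return nil, fmt.Errorf("kid %q: %d-bit modulus is too short", k.Kid, n.BitLen())
	}
	if e.BitLen() > 31 || e.Int64() < 3 || e.Bit(0) == 0 {
		return nil, fmt.Errorf("kid %q: exponent must be odd, >= 3, at most 31 bits", k.Kid)
	}
	return &rsa.PublicKey{N: n, E: int(e.Int64())}, nil
}

// constructedKey returns sample input: a 2048-bit odd number standing in for
// a modulus (constructed for this example, not a real RSA key).
func constructedKey() Key {
	nb := make([]byte, 256)
	nb[0], nb[255] = 0x80, 0x01
	return Key{Kid: "example-1", Kty: "RSA", Alg: "RS256", Use: "sig",
		N: base64.RawURLEncoding.EncodeToString(nb), E: "AQAB"}
}

func main() {
	pub, err := RSAPublicKey(constructedKey())
	fmt.Println(pub, err)
}
```

Rejecting keys whose kty or use does not match the expected signing key keeps a verifier from accepting a key published for another purpose.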