Documentation
Overview ¶
Package auth provides JWT and PASETO helpers with safe defaults.
Index ¶
- Variables
- type JWTSigner
- type JWTSignerOption
- type JWTVerifier
- type JWTVerifierOption
- func WithJWTAllowedAlgorithms(algs ...string) JWTVerifierOption
- func WithJWTAudience(audiences ...string) JWTVerifierOption
- func WithJWTClock(now func() time.Time) JWTVerifierOption
- func WithJWTIssuer(issuer string) JWTVerifierOption
- func WithJWTLeeway(leeway time.Duration) JWTVerifierOption
- func WithJWTRequireKeyID() JWTVerifierOption
- func WithJWTSubject(subject string) JWTVerifierOption
- func WithJWTVerificationKey(key any) JWTVerifierOption
- func WithJWTVerificationKeyFunc(keyFunc jwt.Keyfunc) JWTVerifierOption
- func WithJWTVerificationKeys(keys map[string]any) JWTVerifierOption
- func WithJWTVerifierAllowMissingExpiration() JWTVerifierOption
- type PasetoLocal
- type PasetoLocalOption
- func WithPasetoLocalAllowMissingExpiration() PasetoLocalOption
- func WithPasetoLocalAudience(audience string) PasetoLocalOption
- func WithPasetoLocalClock(clock func() time.Time) PasetoLocalOption
- func WithPasetoLocalIssuer(issuer string) PasetoLocalOption
- func WithPasetoLocalKey(key paseto.V4SymmetricKey) PasetoLocalOption
- func WithPasetoLocalKeyBytes(key []byte) PasetoLocalOption
- func WithPasetoLocalKeyHex(hexKey string) PasetoLocalOption
- func WithPasetoLocalSubject(subject string) PasetoLocalOption
- type PasetoPublicSigner
- type PasetoPublicSignerOption
- func WithPasetoPublicSecretKey(key paseto.V4AsymmetricSecretKey) PasetoPublicSignerOption
- func WithPasetoPublicSecretKeyBytes(key []byte) PasetoPublicSignerOption
- func WithPasetoPublicSecretKeyHex(hexKey string) PasetoPublicSignerOption
- func WithPasetoPublicSignerAllowMissingExpiration() PasetoPublicSignerOption
- type PasetoPublicVerifier
- type PasetoPublicVerifierOption
- func WithPasetoPublicAllowMissingExpiration() PasetoPublicVerifierOption
- func WithPasetoPublicAudience(audience string) PasetoPublicVerifierOption
- func WithPasetoPublicClock(clock func() time.Time) PasetoPublicVerifierOption
- func WithPasetoPublicIssuer(issuer string) PasetoPublicVerifierOption
- func WithPasetoPublicKey(key paseto.V4AsymmetricPublicKey) PasetoPublicVerifierOption
- func WithPasetoPublicKeyBytes(key []byte) PasetoPublicVerifierOption
- func WithPasetoPublicKeyHex(hexKey string) PasetoPublicVerifierOption
- func WithPasetoPublicSubject(subject string) PasetoPublicVerifierOption
Constants ¶
This section is empty.
Variables ¶
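// Error values for JWT and PASETO configuration and token validation.
//
// NOTE(review): presumably meant to be matched with errors.Is; confirm that
// errors created by ewrap.New stay comparable after callers wrap them.
var (
	// ErrJWTInvalidConfig indicates that the JWT configuration is invalid.
	ErrJWTInvalidConfig = ewrap.New("invalid jwt config")
	// ErrJWTMissingKey indicates that the JWT key is missing.
	ErrJWTMissingKey = ewrap.New("jwt key is required")
	// ErrJWTMissingSigningAlg indicates that the JWT signing algorithm is missing.
	ErrJWTMissingSigningAlg = ewrap.New("jwt signing algorithm is required")
	// ErrJWTMissingAllowedAlgs indicates that the JWT allowed algorithms are missing.
	ErrJWTMissingAllowedAlgs = ewrap.New("jwt allowed algorithms are required")
	// ErrJWTMissingClaims indicates that the JWT claims are missing.
	ErrJWTMissingClaims = ewrap.New("jwt claims are required")
	// ErrJWTMissingExpiration indicates that the JWT expiration is missing.
	ErrJWTMissingExpiration = ewrap.New("jwt expiration is required")
	// ErrJWTMissingKeyID indicates that the JWT key ID is missing.
	ErrJWTMissingKeyID = ewrap.New("jwt key id is required")
	// ErrJWTInvalidAudience indicates that the JWT audience is invalid.
	ErrJWTInvalidAudience = ewrap.New("jwt audience is invalid")
	// ErrJWTInvalidToken indicates that the JWT token is invalid.
	ErrJWTInvalidToken = ewrap.New("jwt token is invalid")
	// ErrJWTConflictingOptions indicates that the JWT options are conflicting.
	ErrJWTConflictingOptions = ewrap.New("jwt options are conflicting")

	// ErrPasetoInvalidConfig indicates that the PASETO configuration is invalid.
	ErrPasetoInvalidConfig = ewrap.New("invalid paseto config")
	// ErrPasetoMissingKey indicates that the PASETO key is missing.
	ErrPasetoMissingKey = ewrap.New("paseto key is required")
	// ErrPasetoMissingToken indicates that the PASETO token is missing.
	ErrPasetoMissingToken = ewrap.New("paseto token is required")
	// ErrPasetoMissingExpiry indicates that the PASETO expiration is missing.
	ErrPasetoMissingExpiry = ewrap.New("paseto expiration is required")
	// ErrPasetoExpired indicates that the PASETO token has expired.
	ErrPasetoExpired = ewrap.New("paseto token has expired")
	// ErrPasetoInvalidToken indicates that the PASETO token is invalid.
	ErrPasetoInvalidToken = ewrap.New("paseto token is invalid")
	// ErrPasetoConflictingOpts indicates that the PASETO options are conflicting.
	ErrPasetoConflictingOpts = ewrap.New("paseto options are conflicting")
)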
Functions ¶
This section is empty.
Types ¶
type JWTSigner ¶
type JWTSigner struct {
// contains filtered or unexported fields
}
JWTSigner signs JWTs with required claims and strict algorithm selection.
func NewJWTSigner ¶
func NewJWTSigner(opts ...JWTSignerOption) (*JWTSigner, error)
NewJWTSigner constructs a JWT signer with strict defaults.
type JWTSignerOption ¶
type JWTSignerOption func(*jwtSignerConfig) error
JWTSignerOption configures JWT signing behavior.
func WithJWTSignerAllowMissingExpiration ¶
func WithJWTSignerAllowMissingExpiration() JWTSignerOption
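WithJWTSignerAllowMissingExpiration disables the default requirement for exp. A token signed without exp carries no expiry of its own, so enable this only when something else bounds the token's lifetime, such as revocation or a short-lived session the token is tied to.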
func WithJWTSigningAlgorithm ¶
func WithJWTSigningAlgorithm(alg string) JWTSignerOption
WithJWTSigningAlgorithm configures the signing algorithm by name.
func WithJWTSigningKey ¶
func WithJWTSigningKey(key any) JWTSignerOption
WithJWTSigningKey sets the signing key.
func WithJWTSigningKeyID ¶
func WithJWTSigningKeyID(keyID string) JWTSignerOption
WithJWTSigningKeyID sets the kid header on signed tokens.
type JWTVerifier ¶
type JWTVerifier struct {
// contains filtered or unexported fields
}
JWTVerifier verifies JWT signatures and claims with strict validation.
func NewJWTVerifier ¶
func NewJWTVerifier(opts ...JWTVerifierOption) (*JWTVerifier, error)
NewJWTVerifier constructs a JWT verifier with strict defaults.
type JWTVerifierOption ¶
type JWTVerifierOption func(*jwtVerifierConfig) error
JWTVerifierOption configures JWT verification behavior.
func WithJWTAllowedAlgorithms ¶
func WithJWTAllowedAlgorithms(algs ...string) JWTVerifierOption
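WithJWTAllowedAlgorithms configures the signing algorithms the verifier accepts. List only the algorithms that match the configured key type: an allow-list that mixes HMAC and asymmetric algorithms can leave room for algorithm confusion, where the token's alg header influences how a key is used.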
func WithJWTAudience ¶
func WithJWTAudience(audiences ...string) JWTVerifierOption
WithJWTAudience configures the required audience list.
func WithJWTClock ¶
func WithJWTClock(now func() time.Time) JWTVerifierOption
WithJWTClock overrides the clock used for validation.
func WithJWTIssuer ¶
func WithJWTIssuer(issuer string) JWTVerifierOption
WithJWTIssuer configures the required issuer.
func WithJWTLeeway ¶
func WithJWTLeeway(leeway time.Duration) JWTVerifierOption
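WithJWTLeeway configures the allowable clock skew. The same tolerance lengthens the time an expired token is still accepted, so keep it to the skew actually expected between issuer and verifier.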
func WithJWTRequireKeyID ¶
func WithJWTRequireKeyID() JWTVerifierOption
WithJWTRequireKeyID requires a kid header even with a single key.
func WithJWTSubject ¶
func WithJWTSubject(subject string) JWTVerifierOption
WithJWTSubject configures the required subject.
func WithJWTVerificationKey ¶
func WithJWTVerificationKey(key any) JWTVerifierOption
WithJWTVerificationKey configures a single verification key.
func WithJWTVerificationKeyFunc ¶
func WithJWTVerificationKeyFunc(keyFunc jwt.Keyfunc) JWTVerifierOption
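WithJWTVerificationKeyFunc configures a custom key function. A jwt.Keyfunc is called with the parsed but not yet verified token, so the function must treat header fields such as kid and alg as untrusted input and return only keys it already trusts.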
func WithJWTVerificationKeys ¶
func WithJWTVerificationKeys(keys map[string]any) JWTVerifierOption
WithJWTVerificationKeys configures a key map by kid.
func WithJWTVerifierAllowMissingExpiration ¶
func WithJWTVerifierAllowMissingExpiration() JWTVerifierOption
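WithJWTVerifierAllowMissingExpiration disables the default requirement for exp. A token accepted without exp has no time limit of its own, so restrict this option to tokens whose lifetime is bounded some other way.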
type PasetoLocal ¶
type PasetoLocal struct {
// contains filtered or unexported fields
}
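PasetoLocal encrypts and decrypts PASETO v4 local tokens. Local tokens use one shared symmetric key, so every party able to decrypt a token can also create one; use the public signer and verifier where verifiers must not be able to issue tokens.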
func NewPasetoLocal ¶
func NewPasetoLocal(opts ...PasetoLocalOption) (*PasetoLocal, error)
NewPasetoLocal constructs a PASETO v4 local helper.
type PasetoLocalOption ¶
type PasetoLocalOption func(*pasetoLocalConfig) error
PasetoLocalOption configures PASETO local behavior.
func WithPasetoLocalAllowMissingExpiration ¶
func WithPasetoLocalAllowMissingExpiration() PasetoLocalOption
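WithPasetoLocalAllowMissingExpiration disables the default requirement for exp. Tokens without exp have no expiry of their own, so use this only where their lifetime is limited by other means.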
func WithPasetoLocalAudience ¶
func WithPasetoLocalAudience(audience string) PasetoLocalOption
WithPasetoLocalAudience sets the expected audience.
func WithPasetoLocalClock ¶
func WithPasetoLocalClock(clock func() time.Time) PasetoLocalOption
WithPasetoLocalClock overrides the clock used for validation.
func WithPasetoLocalIssuer ¶
func WithPasetoLocalIssuer(issuer string) PasetoLocalOption
WithPasetoLocalIssuer sets the expected issuer.
func WithPasetoLocalKey ¶
func WithPasetoLocalKey(key paseto.V4SymmetricKey) PasetoLocalOption
WithPasetoLocalKey sets the symmetric key.
func WithPasetoLocalKeyBytes ¶
func WithPasetoLocalKeyBytes(key []byte) PasetoLocalOption
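WithPasetoLocalKeyBytes sets the symmetric key from raw bytes. A v4 local key is 32 bytes and should come from a cryptographically secure random source, not from a password or other low-entropy value.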
func WithPasetoLocalKeyHex ¶
func WithPasetoLocalKeyHex(hexKey string) PasetoLocalOption
WithPasetoLocalKeyHex sets the symmetric key from a hex string.
func WithPasetoLocalSubject ¶
func WithPasetoLocalSubject(subject string) PasetoLocalOption
WithPasetoLocalSubject sets the expected subject.
type PasetoPublicSigner ¶
type PasetoPublicSigner struct {
// contains filtered or unexported fields
}
PasetoPublicSigner signs PASETO v4 public tokens.
func NewPasetoPublicSigner ¶
func NewPasetoPublicSigner(opts ...PasetoPublicSignerOption) (*PasetoPublicSigner, error)
NewPasetoPublicSigner constructs a PASETO v4 public signer.
type PasetoPublicSignerOption ¶
type PasetoPublicSignerOption func(*pasetoPublicSignerConfig) error
PasetoPublicSignerOption configures PASETO public signing behavior.
func WithPasetoPublicSecretKey ¶
func WithPasetoPublicSecretKey(key paseto.V4AsymmetricSecretKey) PasetoPublicSignerOption
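WithPasetoPublicSecretKey sets the asymmetric secret key. This key can sign tokens that every holder of the matching public key will accept, so keep it only on the issuing side.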
func WithPasetoPublicSecretKeyBytes ¶
func WithPasetoPublicSecretKeyBytes(key []byte) PasetoPublicSignerOption
WithPasetoPublicSecretKeyBytes sets the asymmetric secret key from bytes.
func WithPasetoPublicSecretKeyHex ¶
func WithPasetoPublicSecretKeyHex(hexKey string) PasetoPublicSignerOption
WithPasetoPublicSecretKeyHex sets the asymmetric secret key from hex.
func WithPasetoPublicSignerAllowMissingExpiration ¶
func WithPasetoPublicSignerAllowMissingExpiration() PasetoPublicSignerOption
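WithPasetoPublicSignerAllowMissingExpiration disables the default requirement for exp. A token signed without exp does not expire on its own, so enable this only when the token's lifetime is bounded elsewhere.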
type PasetoPublicVerifier ¶
type PasetoPublicVerifier struct {
// contains filtered or unexported fields
}
PasetoPublicVerifier verifies PASETO v4 public tokens.
func NewPasetoPublicVerifier ¶
func NewPasetoPublicVerifier(opts ...PasetoPublicVerifierOption) (*PasetoPublicVerifier, error)
NewPasetoPublicVerifier constructs a PASETO v4 public verifier.
type PasetoPublicVerifierOption ¶
type PasetoPublicVerifierOption func(*pasetoPublicVerifierConfig) error
PasetoPublicVerifierOption configures PASETO public verification behavior.
func WithPasetoPublicAllowMissingExpiration ¶
func WithPasetoPublicAllowMissingExpiration() PasetoPublicVerifierOption
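WithPasetoPublicAllowMissingExpiration disables the default requirement for exp. A token accepted without exp has no time limit of its own, so restrict this option to tokens whose lifetime is bounded some other way.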
func WithPasetoPublicAudience ¶
func WithPasetoPublicAudience(audience string) PasetoPublicVerifierOption
WithPasetoPublicAudience sets the expected audience.
func WithPasetoPublicClock ¶
func WithPasetoPublicClock(clock func() time.Time) PasetoPublicVerifierOption
WithPasetoPublicClock overrides the clock used for validation.
func WithPasetoPublicIssuer ¶
func WithPasetoPublicIssuer(issuer string) PasetoPublicVerifierOption
WithPasetoPublicIssuer sets the expected issuer.
func WithPasetoPublicKey ¶
func WithPasetoPublicKey(key paseto.V4AsymmetricPublicKey) PasetoPublicVerifierOption
WithPasetoPublicKey sets the asymmetric public key.
func WithPasetoPublicKeyBytes ¶
func WithPasetoPublicKeyBytes(key []byte) PasetoPublicVerifierOption
WithPasetoPublicKeyBytes sets the asymmetric public key from bytes.
func WithPasetoPublicKeyHex ¶
func WithPasetoPublicKeyHex(hexKey string) PasetoPublicVerifierOption
WithPasetoPublicKeyHex sets the asymmetric public key from hex.
func WithPasetoPublicSubject ¶
func WithPasetoPublicSubject(subject string) PasetoPublicVerifierOption
WithPasetoPublicSubject sets the expected subject.