token

package

v0.0.11 Latest Latest Go to latest Published: Aug 9, 2022 License: Apache-2.0 Imports: 4 Imported by: 9

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/m-lab/access

Links

Open Source Insights

Documentation ¶

Overview ¶

Package token provides support for parsing JSON Web Keys (JWK), creating signed JSON Web Tokens (JWT), and verifying JWT signatures.

Index ¶

Variables
func LoadJSONWebKey(json []byte, isPublic bool) (*jose.JSONWebKey, error)
type Signer
- func NewSigner(key []byte) (*Signer, error)
- func (k *Signer) Sign(cl jwt.Claims) (string, error)
type Verifier
- func NewVerifier(keys ...[]byte) (*Verifier, error)
- func (k *Verifier) Claims(token string) (*jwt.Claims, error)
- func (k *Verifier) Verify(token string, exp jwt.Expected) (*jwt.Claims, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrDuplicateKeyID = errors.New("Duplicate KeyID found")

ErrDuplicateKeyID is returned when initializing a verifier with multiple keys with the same KeyID. KeyIDs should be unique.

View Source

var ErrKeyIDNotFound = errors.New("Key ID not found for given token header")

ErrKeyIDNotFound is returned when trying to verify a token when there are no corresponding key IDs matching the token header.

Functions ¶

func LoadJSONWebKey ¶

func LoadJSONWebKey(json []byte, isPublic bool) (*jose.JSONWebKey, error)

LoadJSONWebKey loads and validates the given JWK.

Types ¶

type Signer ¶

type Signer struct {
	jwt.Builder
}

Signer supports operations on a private JWK.

func NewSigner ¶

func NewSigner(key []byte) (*Signer, error)

NewSigner accepts a serialized, private JWK and creates a new Signer instance.

func (*Signer) Sign ¶

func (k *Signer) Sign(cl jwt.Claims) (string, error)

Sign generates a signed JWT in compact form.

type Verifier ¶

type Verifier struct {
	// contains filtered or unexported fields
}

Verifier supports operations on a public JWK.

func NewVerifier ¶

func NewVerifier(keys ...[]byte) (*Verifier, error)

NewVerifier accepts serialized, public JWKs and creates a new Verifier instance. Caller may pass multiple verifier keys to recognize and support key rotation of signer keys, or multiple issuers. When providing multiple keys each must have a distinct "keyid". An error derived from ErrDuplicateKeyID is returned when keys have the same keyid.

func (*Verifier) Claims ¶

func (k *Verifier) Claims(token string) (*jwt.Claims, error)

Claims extracts the claims from a signed token, but does not validate them against any expected claims. Useful for extracting only the claims object.

func (*Verifier) Verify ¶

func (k *Verifier) Verify(token string, exp jwt.Expected) (*jwt.Claims, error)

Verify checks the token signature and that the claims match the expected config. Note: if validation of the expected claims fails, then Verify will return the original token claims with the corresponding non-nil validation error.

Source Files ¶

View all Source files

jwt.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL