kmsjwt

package module

v4.0.0 Latest Latest Go to latest Published: Apr 30, 2021 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

This little utility library provides an AWS KMS-based implementation of jwt.SigningMethod.

You will be using an instance of context.Context as the encryption key.

This section is empty.

View Source

var ErrInvalidKey = errors.New("key is invalid")

ErrInvalidKey indicates taht the key is invalid.

View Source

var ErrKmsVerification = errors.New("kms: verification error")

ErrKmsVerification is an error shown when KMS token verification fails.

func DisableCache(k *KMSJWT)

DisableCache disables cache on the client (on by default).

type KMSJWT struct {
	kmsiface.KMSAPI
	// contains filtered or unexported fields
}

func New(client kmsiface.KMSAPI, kmsKeyID string, opts ...Option) *KMSJWT

New provides a KMS-based implementation of JWT signing method.

func (k *KMSJWT) Alg() string

func (k *KMSJWT) Sign(signingString string, key interface{}) (string, error)

func (k *KMSJWT) Verify(signingString, stringSignature string, key interface{}) error

type Option func(*KMSJWT)

Option is a function that modifies the way the verification method works.

func WithAlgorithm(algorithm string) Option

func WithCleanupInterval(cleanupInterval time.Duration) Option

WithCleanupInterval changes the key cleanup interval if the cache is "on". By default, it's one minute.

func WithDefaultExpiration(defaultExpiration time.Duration) Option

WithDefaultExpiration changes the default key expiration if the cache is "on". By default, cache expires after an hour.

func WithSigningAlgorithm(algorighm string) Option

WithSigningAlgorithm changes the algorighm used to sign and verify tokens. By default, "RSAES_OAEP_SHA_256" is used.