discover

package
v0.3.1
Published: Apr 17, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetJwksByIssuer

func GetJwksByIssuer(ctx context.Context, issuer string) ([]byte, error)

GetJwksByIssuer fetches the JWKS from the issuer's JWKS endpoint found at the issuer's well-known configuration. It doesn't attempt to parse the response but instead returns the JSON bytes of the JWKS.

Types

type JwksFetchFunc

type JwksFetchFunc func(ctx context.Context, issuer string) ([]byte, error)

func MockGetJwksByIssuer

func MockGetJwksByIssuer(publicKeys []crypto.PublicKey, keyIDs []string, algs []string) (JwksFetchFunc, error)

func MockGetJwksByIssuerOneKey

func MockGetJwksByIssuerOneKey(publicKey crypto.PublicKey, keyID string, alg string) (JwksFetchFunc, error)

type PublicKeyFinder

type PublicKeyFinder struct {
	JwksFunc JwksFetchFunc
}

func DefaultPubkeyFinder

func DefaultPubkeyFinder() *PublicKeyFinder

func (*PublicKeyFinder) ByJTK

func (f *PublicKeyFinder) ByJTK(ctx context.Context, issuer string, jtk string) (*PublicKeyRecord, error)

func (*PublicKeyFinder) ByKeyID

func (f *PublicKeyFinder) ByKeyID(ctx context.Context, issuer string, keyID string) (*PublicKeyRecord, error)

ByKeyID looks up an OP public key in the JWKS using the KeyID (kid) supplied. If no KeyID (kid) exists in the header and there is only one key in the JWKS, that key is returned. This is useful for cases where an OP may not set a KeyID (kid) in the JWT header.

The JWT RFC states that it is acceptable to not use a KeyID (kid) if there is only one key in the JWKS: "The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. Use of this member is OPTIONAL. When used with JWS or JWE, the "kid" value is used to match a JWS or JWE "kid" Header Parameter value." - RFC 7517 https://datatracker.ietf.org/doc/html/rfc7517#section-4.5
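The selection rule documented for ByKeyID, as an added stand-alone illustration using only the standard library (this is not the package's own code): `selectKey`, the reduced `jwk`/`jwks` structs and the two sample JWK Sets are constructed for this example, and the JWK Set is cut down to the members the rule needs.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// jwk holds only the JWK members this example needs (assumed minimal shape).
type jwk struct {
	Kid string `json:"kid"`
	Alg string `json:"alg"`
}

type jwks struct {
	Keys []jwk `json:"keys"`
}

// selectKey: a non-empty kid must match exactly (kid is case-sensitive per
// RFC 7517); an empty kid is accepted only when the set holds one key. Anything
// else is an error, never a guess, since the kid comes from the unverified header.
func selectKey(jwksJSON []byte, kid string) (*jwk, error) {
	var set jwks
	if err := json.Unmarshal(jwksJSON, &set); err != nil {
		return nil, fmt.Errorf("parse JWKS: %w", err)
	}
	if kid == "" {
		if len(set.Keys) == 1 {
			return &set.Keys[0], nil
		}
		return nil, errors.New("no kid in header and JWKS does not contain exactly one key")
	}
	for i := range set.Keys {
		if set.Keys[i].Kid == kid {
			return &set.Keys[i], nil
		}
	}
	return nil, fmt.Errorf("no key with kid %q in JWKS", kid)
}

// Constructed sample JWK Sets: only the members used here, no real key material.
const singleKeyJWKS = `{"keys":[{"kty":"RSA","alg":"RS256","kid":"key-1"}]}`
const twoKeyJWKS = `{"keys":[{"kty":"RSA","alg":"RS256","kid":"key-1"},{"kty":"EC","alg":"ES256","kid":"key-2"}]}`

func main() {
	for _, kid := range []string{"", "key-2", "KEY-2"} {
		k, err := selectKey([]byte(twoKeyJWKS), kid)
		fmt.Printf("kid %q -> %+v, err=%v\n", kid, k, err)
	}
}
```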

func (*PublicKeyFinder) ByToken

func (f *PublicKeyFinder) ByToken(ctx context.Context, issuer string, token []byte) (*PublicKeyRecord, error)

ByToken looks up an OP public key in the JWKS using the KeyID (kid) in the protected header from the supplied token.

type PublicKeyRecord

type PublicKeyRecord struct {
	PublicKey crypto.PublicKey
	Alg       string
	Issuer    string
}

func NewPublicKeyRecord

func NewPublicKeyRecord(key jwk.Key, issuer string) (*PublicKeyRecord, error)
