Documentation
Index
- func GetJwksByIssuer(ctx context.Context, issuer string) ([]byte, error)
- type JwksFetchFunc
- type PublicKeyFinder
- func (f *PublicKeyFinder) ByJTK(ctx context.Context, issuer string, jtk string) (*PublicKeyRecord, error)
- func (f *PublicKeyFinder) ByKeyID(ctx context.Context, issuer string, keyID string) (*PublicKeyRecord, error)
- func (f *PublicKeyFinder) ByToken(ctx context.Context, issuer string, token []byte) (*PublicKeyRecord, error)
- type PublicKeyRecord
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type PublicKeyFinder
type PublicKeyFinder struct {
	JwksFunc JwksFetchFunc
}
func DefaultPubkeyFinder
func DefaultPubkeyFinder() *PublicKeyFinder
func (*PublicKeyFinder) ByJTK
func (f *PublicKeyFinder) ByJTK(ctx context.Context, issuer string, jtk string) (*PublicKeyRecord, error)
func (*PublicKeyFinder) ByKeyID
func (f *PublicKeyFinder) ByKeyID(ctx context.Context, issuer string, keyID string) (*PublicKeyRecord, error)
ByKeyID looks up an OP public key in the JWKS using the KeyID (kid) supplied. If no KeyID (kid) exists in the header and there is only one key in the JWKS, that key is returned. This is useful for cases where an OP may not set a KeyID (kid) in the JWT header.
The JWT RFC states that it is acceptable to not use a KeyID (kid) if there is only one key in the JWKS:
"The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. Use of this member is OPTIONAL. When used with JWS or JWE, the "kid" value is used to match a JWS or JWE "kid" Header Parameter value." - RFC 7517 https://datatracker.ietf.org/doc/html/rfc7517#section-4.5
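The selection rule described for ByKeyID, written out with only the standard library as an added example (not this package's code). The names selectKey, jwkEntry, ErrKeyNotFound and ErrAmbiguous and the sample JWKS documents are constructed for illustration; returning an error when a kid is supplied but not matched, or when no kid is supplied and the set holds more than one key, is an assumption of this sketch.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// jwkEntry holds only the JWK members this example inspects (RFC 7517).
type jwkEntry struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
}

var ErrKeyNotFound = errors.New("no key with that kid in JWKS")
var ErrAmbiguous = errors.New("no kid supplied and JWKS does not hold exactly one key")

// selectKey (hypothetical helper) picks a key by kid, or the sole key when kid is empty.
func selectKey(jwksJSON []byte, kid string) (*jwkEntry, error) {
	var set struct{ Keys []jwkEntry `json:"keys"` }
	if err := json.Unmarshal(jwksJSON, &set); err != nil {
		return nil, fmt.Errorf("parse JWKS: %w", err)
	}
	if kid == "" {
		// Fallback only when the choice is unambiguous.
		if len(set.Keys) == 1 {
			return &set.Keys[0], nil
		}
		return nil, ErrAmbiguous
	}
	for i := range set.Keys {
		if set.Keys[i].Kid == kid { // case-sensitive, per RFC 7517 section 4.5
			return &set.Keys[i], nil
		}
	}
	// A supplied kid that matches nothing never falls back to another key.
	return nil, ErrKeyNotFound
}

// Constructed sample JWKS documents; key material omitted for brevity.
const oneKeyJWKS = `{"keys":[{"kty":"RSA"}]}`
const twoKeyJWKS = `{"keys":[{"kty":"RSA","kid":"key-2023"},{"kty":"RSA","kid":"key-2024"}]}`

func main() {
	for _, kid := range []string{"key-2024", "KEY-2024", ""} {
		_, err := selectKey([]byte(twoKeyJWKS), kid)
		fmt.Printf("two keys, kid=%q: err=%v\n", kid, err)
	}
	_, err := selectKey([]byte(oneKeyJWKS), "")
	fmt.Printf("one key, no kid: err=%v\n", err)
}
```

The single-key fallback ties verification to whatever one key the issuer currently publishes, so callers that need key pinning across rollover should still require a kid.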
func (*PublicKeyFinder) ByToken
func (f *PublicKeyFinder) ByToken(ctx context.Context, issuer string, token []byte) (*PublicKeyRecord, error)
ByToken looks up an OP public key in the JWKS using the KeyID (kid) in the protected header from the supplied token.
type PublicKeyRecord
func NewPublicKeyRecord
func NewPublicKeyRecord(key jwk.Key, issuer string) (*PublicKeyRecord, error)