jwtsvid

package

v2.2.0 Latest Latest Go to latest Published: Apr 1, 2024 License: Apache-2.0 Imports: 7 Imported by: 22

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/spiffe/go-spiffe

Links

Open Source Insights

Documentation ¶

Index ¶

type Params
type SVID
- func ParseAndValidate(token string, bundles jwtbundle.Source, audience []string) (*SVID, error)
- func ParseInsecure(token string, audience []string) (*SVID, error)
- func (svid *SVID) Marshal() string
type Source

Examples ¶

ParseAndValidate

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Params ¶

type Params struct {
	Audience       string
	ExtraAudiences []string
	Subject        spiffeid.ID
}

Params are JWT-SVID parameters used when fetching a new JWT-SVID.

type SVID ¶

type SVID struct {
	// ID is the SPIFFE ID of the JWT-SVID as present in the 'sub' claim
	ID spiffeid.ID
	// Audience is the intended recipients of JWT-SVID as present in the 'aud' claim
	Audience []string
	// Expiry is the expiration time of JWT-SVID as present in 'exp' claim
	Expiry time.Time
	// Claims is the parsed claims from token
	Claims map[string]interface{}
	// Hint is an operator-specified string used to provide guidance on how this
	// identity should be used by a workload when more than one SVID is returned.
	Hint string
	// contains filtered or unexported fields
}

SVID represents a JWT-SVID.

func ParseAndValidate ¶

func ParseAndValidate(token string, bundles jwtbundle.Source, audience []string) (*SVID, error)

ParseAndValidate parses and validates a JWT-SVID token and returns the JWT-SVID. The JWT-SVID signature is verified using the JWT bundle source.

Example ¶

package main

import (
	"context"

	"github.com/spiffe/go-spiffe/v2/spiffeid"
	"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
	"github.com/spiffe/go-spiffe/v2/workloadapi"
)

func main() {
	td, err := spiffeid.TrustDomainFromString("example.org")
	if err != nil {
		// TODO: error handling
	}

	token := "TODO"
	audience := []string{spiffeid.RequireFromPath(td, "/server").String()}

	jwtSource, err := workloadapi.NewJWTSource(context.TODO())
	if err != nil {
		// TODO: error handling
	}
	defer jwtSource.Close()

	svid, err := jwtsvid.ParseAndValidate(token, jwtSource, audience)
	if err != nil {
		// TODO: error handling
	}

	// TODO: do something with the JWT-SVID
	svid = svid
}

Output:

func ParseInsecure ¶

func ParseInsecure(token string, audience []string) (*SVID, error)

ParseInsecure parses and validates a JWT-SVID token and returns the JWT-SVID. The JWT-SVID signature is not verified.

func (*SVID) Marshal ¶

func (svid *SVID) Marshal() string

Marshal returns the JWT-SVID marshaled to a string. The returned value is the same token value originally passed to ParseAndValidate.

type Source ¶

type Source interface {
	// FetchJWTSVID fetches a JWT-SVID from the source with the given
	// parameters.
	FetchJWTSVID(ctx context.Context, params Params) (*SVID, error)
}

Source represents a source of JWT-SVIDs.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL