token

package
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 20, 2015 License: Apache-2.0, Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// TokenSeparator is the value which separates the header, claims, and
	// signature in the compact serialization of a JSON Web Token.
	TokenSeparator = "."
)

Variables

View Source 
var (
	ErrInsufficientScope = errors.New("insufficient scope")
	ErrTokenRequired     = errors.New("authorization token required")
)

Errors used and exported by this package.

View Source 
var (
	ErrMalformedToken = errors.New("malformed token")
	ErrInvalidToken   = errors.New("invalid token")
)

Errors used by token parsing and verification.

Functions

This section is empty.

Types

type ClaimSet 

type ClaimSet struct {
	// Public claims
	Issuer     string `json:"iss"`
	Subject    string `json:"sub"`
	Audience   string `json:"aud"`
	Expiration int64  `json:"exp"`
	NotBefore  int64  `json:"nbf"`
	IssuedAt   int64  `json:"iat"`
	JWTID      string `json:"jti"`

	// Private claims
	Access []*ResourceActions `json:"access"`
}

ClaimSet describes the main section of a JSON Web Token. 

type Header struct {
	Type       string          `json:"typ"`
	SigningAlg string          `json:"alg"`
	KeyID      string          `json:"kid,omitempty"`
	X5c        []string        `json:"x5c,omitempty"`
	RawJWK     json.RawMessage `json:"jwk,omitempty"`
}

Header describes the header section of a JSON Web Token.

type ResourceActions 

type ResourceActions struct {
	Type    string   `json:"type"`
	Name    string   `json:"name"`
	Actions []string `json:"actions"`
}

ResourceActions stores allowed actions on a named and typed resource.

type Token 

type Token struct {
	Raw       string
	Header    *Header
	Claims    *ClaimSet
	Signature []byte
}

Token describes a JSON Web Token.

func NewToken 

func NewToken(rawToken string) (*Token, error)

NewToken parses the given raw token string and constructs an unverified JSON Web Token.

func (*Token) Verify 

func (t *Token) Verify(verifyOpts VerifyOptions) error

Verify attempts to verify this token using the given options. Returns a nil error if the token is valid.

func (*Token) VerifySigningKey 

func (t *Token) VerifySigningKey(verifyOpts VerifyOptions) (signingKey libtrust.PublicKey, err error)

VerifySigningKey attempts to get the key which was used to sign this token. The token header should contain either of these 3 fields: 

`x5c` - The x509 certificate chain for the signing key. Needs to be
        verified.
`jwk` - The JSON Web Key representation of the signing key.
        May contain its own `x5c` field which needs to be verified.
`kid` - The unique identifier for the key. This library interprets it
        as a libtrust fingerprint. The key itself can be looked up in
        the trustedKeys field of the given verify options.

Each of these methods are tried in that order of preference until the signing key is found or an error is returned.

type VerifyOptions 

type VerifyOptions struct {
	TrustedIssuers    []string
	AcceptedAudiences []string
	Roots             *x509.CertPool
	TrustedKeys       map[string]libtrust.PublicKey
}

VerifyOptions is used to specify options when verifying a JSON Web Token.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.