Documentation ¶
Overview ¶
Package jwt implements JSON Web Tokens as described in https://tools.ietf.org/html/rfc7519
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ErrInvalidValue = errors.New("invalid value for key")
ErrInvalidValue is returned when an invalid type is passed to a known claim (i.e. those defined in EssentialClaims
Functions ¶
This section is empty.
Types ¶
type ClaimSet ¶
type ClaimSet struct { *EssentialClaims `json:"-"` PrivateClaims map[string]interface{} `json:"-"` }
ClaimSet holds an arbitrary claim set
Example ¶
c := NewClaimSet() c.Set("sub", "123456789") c.Set("aud", "foo") c.Set("https://github.com/lestrrat", "me") buf, err := json.MarshalIndent(c, "", " ") if err != nil { log.Printf("failed to generate JSON: %s", err) return } log.Printf("%s", buf) log.Printf("sub -> '%s'", c.Get("sub").(string)) log.Printf("aud -> '%v'", c.Get("aud").([]string)) log.Printf("private -> '%s'", c.Get("https://github.com/lestrrat").(string))
Output:
func (*ClaimSet) MarshalJSON ¶
MarshalJSON generates JSON representation of this claim set
func (*ClaimSet) Set ¶
Set takes a key and a value, and sets the appropriate values in the `ClaimSet` for you. If the key is a known ("Essential") claim, it is set in `c.EssentialClaim` struct, which means that some amoutn of type safety is asserted. Otherwise it is assumed to be a private claim as is.
Set returns an error if a known essential claim name is used and its type does not match with the type given in `value`. If you want to rely on compile time check for types, you should be assigning values directly to the struct.
func (*ClaimSet) UnmarshalJSON ¶
UnmarshalJSON parses the JSON representation and initializes this ClaimSet
func (*ClaimSet) Verify ¶
func (c *ClaimSet) Verify(options ...VerifyOption) error
Verify makes sure that the essential claims stand.
See the various `WithXXX` functions for optional parameters that can control the behavior of this method.
type EssentialClaims ¶
type EssentialClaims struct { Audience []string `json:"aud,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.3 Expiration int64 `json:"exp,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.4 IssuedAt int64 `json:"iat,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.6 Issuer string `json:"iss,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.1 JwtID string `json:"jti,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.7 NotBefore *NumericDate `json:"nbf,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.5 Subject string `json:"sub,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.2 }
EssentialClaims contains the set of known set of claims in JWT spec.
func (*EssentialClaims) Construct ¶
func (c *EssentialClaims) Construct(m map[string]interface{}) error
Construct takes a map and initializes the essential claims with its values
type NumericDate ¶
NumericDate represents the date format used in the 'nbf' claim
func (NumericDate) MarshalJSON ¶
func (n NumericDate) MarshalJSON() ([]byte, error)
MarshalJSON generates JSON representation of this instant
func (*NumericDate) UnmarshalJSON ¶
func (n *NumericDate) UnmarshalJSON(data []byte) error
UnmarshalJSON parses the JSON representation and initializes this NumericDate
type VerifyOption ¶
type VerifyOption interface { Name() string Value() interface{} }
func WithAcceptableSkew ¶
func WithAcceptableSkew(dur time.Duration) VerifyOption
WithAcceptableSkew specifies the duration in which exp and nbf claims may differ by. This value should be positive
func WithAudience ¶
func WithAudience(s string) VerifyOption
WithAudience specifies that expected audience value. Verify will return true if one of the values in the `aud` element matches this value. If not specified, the value of issuer is not verified at all.
func WithClock ¶
func WithClock(c Clock) VerifyOption
WithClock specifies the `Clock` to be used when verifying claims exp and nbf.
func WithIssuer ¶
func WithIssuer(s string) VerifyOption
WithIssuer specifies that expected issuer value. If not specified, the value of issuer is not verified at all.
func WithJwtID ¶
func WithJwtID(s string) VerifyOption
WithJwtID specifies that expected jti value. If not specified, the value of jti is not verified at all.
func WithSubject ¶
func WithSubject(s string) VerifyOption
WithSubject specifies that expected subject value. If not specified, the value of subject is not verified at all.