jwt

Documentation

Overview

Package jwt implements JSON Web Tokens as described in https://tools.ietf.org/html/rfc7519

Index

• Variables
• type ClaimSet
  • func NewClaimSet() *ClaimSet
  • func (c *ClaimSet) Get(key string) interface{}
  • func (c *ClaimSet) MarshalJSON() ([]byte, error)
  • func (c *ClaimSet) Set(key string, value interface{}) error
  • func (c *ClaimSet) UnmarshalJSON(data []byte) error
  • func (c *ClaimSet) Verify(options ...VerifyOption) error
• type Clock
• type ClockFunc
  • func (f ClockFunc) Now() time.Time
• type EssentialClaims
  • func (c *EssentialClaims) Construct(m map[string]interface{}) error
• type NumericDate
  • func (n NumericDate) MarshalJSON() ([]byte, error)
  • func (n *NumericDate) UnmarshalJSON(data []byte) error
• type VerifyOption
  • func WithAcceptableSkew(dur time.Duration) VerifyOption
  • func WithAudience(s string) VerifyOption
  • func WithClock(c Clock) VerifyOption
  • func WithIssuer(s string) VerifyOption
  • func WithJwtID(s string) VerifyOption
  • func WithSubject(s string) VerifyOption

Examples

• ClaimSet

Variables

var ErrInvalidValue = errors.New("invalid value for key")

ErrInvalidValue is returned when an invalid type is passed to a known claim (i.e. those defined in EssentialClaims

Types

type ClaimSet

type ClaimSet struct {
	*EssentialClaims `json:"-"`
	PrivateClaims    map[string]interface{} `json:"-"`
}

ClaimSet holds an arbitrary claim set

Example

c := NewClaimSet()
c.Set("sub", "123456789")
c.Set("aud", "foo")
c.Set("https://github.com/lestrrat", "me")

buf, err := json.MarshalIndent(c, "", "  ")
if err != nil {
	log.Printf("failed to generate JSON: %s", err)
	return
}

log.Printf("%s", buf)
log.Printf("sub     -> '%s'", c.Get("sub").(string))
log.Printf("aud     -> '%v'", c.Get("aud").([]string))
log.Printf("private -> '%s'", c.Get("https://github.com/lestrrat").(string))

func NewClaimSet

func NewClaimSet() *ClaimSet

NewClaimSet creates a new ClaimSet

func (*ClaimSet) Get

func (c *ClaimSet) Get(key string) interface{}

Get retuns the value registered in this ClaimSet with the matching key name

func (*ClaimSet) MarshalJSON

func (c *ClaimSet) MarshalJSON() ([]byte, error)

MarshalJSON generates JSON representation of this claim set

func (*ClaimSet) Set

func (c *ClaimSet) Set(key string, value interface{}) error

Set takes a key and a value, and sets the appropriate values in the `ClaimSet` for you. If the key is a known ("Essential") claim, it is set in `c.EssentialClaim` struct, which means that some amoutn of type safety is asserted. Otherwise it is assumed to be a private claim as is.

Set returns an error if a known essential claim name is used and its type does not match with the type given in `value`. If you want to rely on compile time check for types, you should be assigning values directly to the struct.

func (*ClaimSet) UnmarshalJSON

func (c *ClaimSet) UnmarshalJSON(data []byte) error

UnmarshalJSON parses the JSON representation and initializes this ClaimSet

func (*ClaimSet) Verify

func (c *ClaimSet) Verify(options ...VerifyOption) error

Verify makes sure that the essential claims stand.

See the various `WithXXX` functions for optional parameters that can control the behavior of this method.

type Clock

type Clock interface {
	Now() time.Time
}

type ClockFunc

type ClockFunc func() time.Time

func (ClockFunc) Now

func (f ClockFunc) Now() time.Time

type EssentialClaims

type EssentialClaims struct {
	Audience   []string     `json:"aud,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.3
	Expiration int64        `json:"exp,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.4
	IssuedAt   int64        `json:"iat,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.6
	Issuer     string       `json:"iss,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.1
	JwtID      string       `json:"jti,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.7
	NotBefore  *NumericDate `json:"nbf,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.5
	Subject    string       `json:"sub,omitempty"` // https://tools.ietf.org/html/rfc7519#section-4.1.2
}

EssentialClaims contains the set of known set of claims in JWT spec.

func (*EssentialClaims) Construct

func (c *EssentialClaims) Construct(m map[string]interface{}) error

Construct takes a map and initializes the essential claims with its values

type NumericDate

type NumericDate struct {
	time.Time
}

NumericDate represents the date format used in the 'nbf' claim

func (NumericDate) MarshalJSON

func (n NumericDate) MarshalJSON() ([]byte, error)

MarshalJSON generates JSON representation of this instant

func (*NumericDate) UnmarshalJSON

func (n *NumericDate) UnmarshalJSON(data []byte) error

UnmarshalJSON parses the JSON representation and initializes this NumericDate

type VerifyOption

type VerifyOption interface {
	Name() string
	Value() interface{}
}

func WithAcceptableSkew

func WithAcceptableSkew(dur time.Duration) VerifyOption

WithAcceptableSkew specifies the duration in which exp and nbf claims may differ by. This value should be positive

func WithAudience

func WithAudience(s string) VerifyOption

WithAudience specifies that expected audience value. Verify will return true if one of the values in the `aud` element matches this value. If not specified, the value of issuer is not verified at all.

func WithClock

func WithClock(c Clock) VerifyOption

WithClock specifies the `Clock` to be used when verifying claims exp and nbf.

func WithIssuer

func WithIssuer(s string) VerifyOption

WithIssuer specifies that expected issuer value. If not specified, the value of issuer is not verified at all.

func WithJwtID

func WithJwtID(s string) VerifyOption

WithJwtID specifies that expected jti value. If not specified, the value of jti is not verified at all.

func WithSubject

func WithSubject(s string) VerifyOption

WithSubject specifies that expected subject value. If not specified, the value of subject is not verified at all.