jwt

package
v11.3.3
This package is not in the latest version of its module.

Published: Dec 13, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package jwt is used to sign and verify JWT tokens used by application access.

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateKeyPair

func GenerateKeyPair() ([]byte, []byte, error)

GenerateKeyPair generates and returns a PEM-encoded private and public key in the format used by this package.

func UnmarshalJWK

func UnmarshalJWK(jwk JWK) (crypto.PublicKey, error)

UnmarshalJWK will unmarshal JWK into a crypto.PublicKey that can be used to validate signatures.

Types

type Claims

type Claims struct {
	// Claims represents public claim values (as specified in RFC 7519).
	jwt.Claims

	// Username returns the Teleport identity of the user.
	Username string `json:"username"`

	// Roles returns the list of roles assigned to the user within Teleport.
	Roles []string `json:"roles"`

	// Traits returns the traits assigned to the user within Teleport.
	Traits wrappers.Traits `json:"traits"`
}

Claims represents public and private claims for a JWT token.

type Config

type Config struct {
	// Clock is used to control expiry time.
	Clock clockwork.Clock

	// PublicKey is used to verify a signed token.
	PublicKey crypto.PublicKey

	// PrivateKey is used to sign and verify tokens.
	PrivateKey crypto.Signer

	// Algorithm is the algorithm used to sign JWT tokens.
	Algorithm jose.SignatureAlgorithm

	// ClusterName is the name of the cluster that will be signing the JWT tokens.
	ClusterName string
}

Config defines the clock and PEM encoded bytes of a public and private key that form a *jwt.Key.

func (*Config) CheckAndSetDefaults

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults validates the values of a *Config.

type JWK

type JWK struct {
	// KeyType is the type of asymmetric key used.
	KeyType string `json:"kty"`
	// Algorithm used to sign.
	Algorithm string `json:"alg"`
	// N is the modulus of the public key.
	N string `json:"n"`
	// E is the exponent of the public key.
	E string `json:"e"`
}

JWK is a JSON Web Key, described in detail in RFC 7517.

func MarshalJWK

func MarshalJWK(bytes []byte) (JWK, error)

MarshalJWK will marshal a supported public key into JWK format.
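
The JWK fields above carry an RSA public key as unpadded base64url big-endian integers (RFC 7518, section 6.3.1). The following is an added example using only the standard library, not this package's code: the local JWK type copies the fields documented above, toJWK and fromJWK are hypothetical helpers (MarshalJWK itself takes a []byte), and the RS256 value, the 2048-bit minimum and the exponent checks are assumptions of the example, not documented behaviour of MarshalJWK or UnmarshalJWK.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"fmt"
	"math/big"
)

// JWK mirrors the fields of the JWK type documented on this page.
type JWK struct {
	KeyType   string `json:"kty"`
	Algorithm string `json:"alg"`
	N         string `json:"n"`
	E         string `json:"e"`
}

// toJWK (hypothetical helper) encodes n and e as unpadded base64url integers.
func toJWK(pub *rsa.PublicKey) JWK {
	enc := base64.RawURLEncoding
	e := big.NewInt(int64(pub.E)).Bytes()
	return JWK{"RSA", "RS256", enc.EncodeToString(pub.N.Bytes()), enc.EncodeToString(e)}
}

// fromJWK (hypothetical helper) rejects non-RSA keys, padded input, short moduli and bad exponents.
func fromJWK(jwk JWK) (*rsa.PublicKey, error) {
	if jwk.KeyType != "RSA" {
		return nil, fmt.Errorf("unsupported key type %q", jwk.KeyType)
	}
	nb, errN := base64.RawURLEncoding.DecodeString(jwk.N)
	eb, errE := base64.RawURLEncoding.DecodeString(jwk.E)
	if errN != nil || errE != nil {
		return nil, fmt.Errorf("n and e must be unpadded base64url")
	}
	n, e := new(big.Int).SetBytes(nb), new(big.Int).SetBytes(eb)
	if n.BitLen() < 2048 || !e.IsInt64() || e.Int64() < 3 || e.Int64() > 1<<31-1 || e.Bit(0) == 0 {
		return nil, fmt.Errorf("weak or malformed RSA parameters")
	}
	return &rsa.PublicKey{N: n, E: int(e.Int64())}, nil
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // constructed sample key
	if err != nil {
		panic(err)
	}
	pub, err := fromJWK(toJWK(&key.PublicKey))
	fmt.Println(err, pub != nil && pub.Equal(&key.PublicKey))
}
```

A verifier that fetches keys in this form should apply checks like these before trusting a signature made with the key.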

type Key

type Key struct {
	// contains filtered or unexported fields
}

Key is a JWT key that can be used to sign and/or verify a token.

func New

func New(config *Config) (*Key, error)

New creates a JWT key that can be used to sign and verify tokens.

func (*Key) Sign

func (k *Key) Sign(p SignParams) (string, error)

func (*Key) SignSnowflake

func (k *Key) SignSnowflake(p SignParams, issuer string) (string, error)

func (*Key) Verify

func (k *Key) Verify(p VerifyParams) (*Claims, error)

Verify will validate the passed in JWT token.

func (*Key) VerifySnowflake

func (k *Key) VerifySnowflake(p SnowflakeVerifyParams) (*Claims, error)

VerifySnowflake will validate the passed in JWT token.

type SignParams

type SignParams struct {
	// Username is the Teleport identity.
	Username string

	// Roles are the roles assigned to the user within Teleport.
	Roles []string

	// Traits are the traits assigned to the user within Teleport.
	Traits wrappers.Traits

	// Expires is the time to live for the token.
	Expires time.Time

	// URI is the URI of the recipient application.
	URI string
}

SignParams are the claims to be embedded within the JWT token.

func (*SignParams) Check

func (p *SignParams) Check() error

Check verifies all the values are valid.

type SnowflakeVerifyParams

type SnowflakeVerifyParams struct {
	AccountName string
	LoginName   string
	RawToken    string
}

func (*SnowflakeVerifyParams) Check

func (p *SnowflakeVerifyParams) Check() error

type VerifyParams

type VerifyParams struct {
	// Username is the Teleport identity.
	Username string

	// RawToken is the JWT token.
	RawToken string

	// URI is the URI of the recipient application.
	URI string
}

VerifyParams are the parameters needed to pass the token and data needed to verify.

func (*VerifyParams) Check

func (p *VerifyParams) Check() error

Check verifies all the values are valid.
