jwt

package
v1.0.0-...-a941c39 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 27, 2016 License: MIT Imports: 6 Imported by: 8

Documentation

Overview

Package jwt implements JWTs per RFC 7519

Index

Constants

This section is empty.

Variables

// Sentinel errors describing why a token's registered claims were
// rejected. Each one names the claim that failed.
var (
	// ErrTokenIsExpired is returned when time.Now().Unix() is after
	// the token's "exp" claim.
	ErrTokenIsExpired = errors.New("token is expired")

	// ErrTokenNotYetValid is returned when time.Now().Unix() is before
	// the token's "nbf" claim.
	ErrTokenNotYetValid = errors.New("token is not yet valid")

	// ErrInvalidISSClaim means the "iss" claim is invalid.
	ErrInvalidISSClaim = errors.New("claim \"iss\" is invalid")

	// ErrInvalidSUBClaim means the "sub" claim is invalid.
	ErrInvalidSUBClaim = errors.New("claim \"sub\" is invalid")

	// ErrInvalidIATClaim means the "iat" claim is invalid.
	ErrInvalidIATClaim = errors.New("claim \"iat\" is invalid")

	// ErrInvalidJTIClaim means the "jti" claim is invalid.
	ErrInvalidJTIClaim = errors.New("claim \"jti\" is invalid")

	// ErrInvalidAUDClaim means the "aud" claim is invalid.
	ErrInvalidAUDClaim = errors.New("claim \"aud\" is invalid")
)

Functions

func ValidAudience

func ValidAudience(a, b interface{}) bool

ValidAudience returns true iff:

  • a and b are strings and a == b
  • a is string, b is []string and a is in b
  • a is []string, b is []string and all of a is in b
  • a is []string, b is string and len(a) == 1 and a[0] == b

Types

type Claims

type Claims map[string]interface{}

Claims implements a set of JOSE Claims with the addition of some helper methods, similar to net/url.Values.

func (Claims) Audience

func (c Claims) Audience() ([]string, bool)

Audience retrieves claim "aud" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.3

func (Claims) Base64

func (c Claims) Base64() ([]byte, error)

Base64 implements the jose.Encoder interface.

func (Claims) Del

func (c Claims) Del(key string)

Del removes the value that corresponds with key from the Claims.

func (Claims) Expiration

func (c Claims) Expiration() (time.Time, bool)

Expiration retrieves claim "exp" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.4

func (Claims) Get

func (c Claims) Get(key string) interface{}

Get retrieves the value corresponding with key from the Claims.

func (Claims) GetTime

func (c Claims) GetTime(key string) (time.Time, bool)

GetTime returns a UNIX time for the given key.

It converts an int, int32, int64, uint, uint32, uint64 or float64 value into a UNIX time (epoch seconds). float32 does not have sufficient precision to store a UNIX time.

Numeric values parsed from JSON will always be stored as float64 since Claims is a map[string]interface{}. However, internally the values may be stored directly in the claims map as different types.

func (Claims) Has

func (c Claims) Has(key string) bool

Has returns true if a value for the given key exists inside the Claims.

func (Claims) IssuedAt

func (c Claims) IssuedAt() (time.Time, bool)

IssuedAt retrieves claim "iat" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.6

func (Claims) Issuer

func (c Claims) Issuer() (string, bool)

Issuer retrieves claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.1

func (Claims) JWTID

func (c Claims) JWTID() (string, bool)

JWTID retrieves claim "jti" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.7

func (Claims) MarshalJSON

func (c Claims) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for Claims.

func (Claims) NotBefore

func (c Claims) NotBefore() (time.Time, bool)

NotBefore retrieves claim "nbf" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.5

func (Claims) RemoveAudience

func (c Claims) RemoveAudience()

RemoveAudience deletes claim "aud" from c.

func (Claims) RemoveExpiration

func (c Claims) RemoveExpiration()

RemoveExpiration deletes claim "exp" from c.

func (Claims) RemoveIssuedAt

func (c Claims) RemoveIssuedAt()

RemoveIssuedAt deletes claim "iat" from c.

func (Claims) RemoveIssuer

func (c Claims) RemoveIssuer()

RemoveIssuer deletes claim "iss" from c.

func (Claims) RemoveJWTID

func (c Claims) RemoveJWTID()

RemoveJWTID deletes claim "jti" from c.

func (Claims) RemoveNotBefore

func (c Claims) RemoveNotBefore()

RemoveNotBefore deletes claim "nbf" from c.

func (Claims) RemoveSubject

func (c Claims) RemoveSubject()

RemoveSubject deletes claim "sub" from c.

func (Claims) Set

func (c Claims) Set(key string, val interface{})

Set sets Claims[key] = val. It'll overwrite without warning.

func (Claims) SetAudience

func (c Claims) SetAudience(audience ...string)

SetAudience sets claim "aud" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.3

func (Claims) SetExpiration

func (c Claims) SetExpiration(expiration time.Time)

SetExpiration sets claim "exp" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.4

func (Claims) SetIssuedAt

func (c Claims) SetIssuedAt(issuedAt time.Time)

SetIssuedAt sets claim "iat" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.6

func (Claims) SetIssuer

func (c Claims) SetIssuer(issuer string)

SetIssuer sets claim "iss" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.1

func (Claims) SetJWTID

func (c Claims) SetJWTID(uniqueID string)

SetJWTID sets claim "jti" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.7

func (Claims) SetNotBefore

func (c Claims) SetNotBefore(notBefore time.Time)

SetNotBefore sets claim "nbf" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.5

func (Claims) SetSubject

func (c Claims) SetSubject(subject string)

SetSubject sets claim "sub" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.2

func (Claims) SetTime

func (c Claims) SetTime(key string, t time.Time)

SetTime stores a UNIX time for the given key.

func (Claims) Subject

func (c Claims) Subject() (string, bool)

Subject retrieves claim "sub" per its type in https://tools.ietf.org/html/rfc7519#section-4.1.2

func (*Claims) UnmarshalJSON

func (c *Claims) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler for Claims.

func (Claims) Validate

func (c Claims) Validate(now time.Time, expLeeway, nbfLeeway time.Duration) error

Validate validates the Claims per the claims found in https://tools.ietf.org/html/rfc7519#section-4.1

type JWT

// JWT represents a JWT per RFC 7519.
type JWT interface {
	// Claims returns the set of Claims.
	Claims() Claims

	// Validate returns an error describing any issues found while
	// validating the JWT. The optional Validators carry the expected
	// claims, the "exp"/"nbf" leeways and a custom ValidateFunc (the
	// Fn field); for info on that function, see the comment on
	// ValidateFunc.
	// NOTE(review): key and method are presumably the verification
	// key and the signing method the caller expects; confirm against
	// the JWS/JWE implementations.
	Validate(key interface{}, method crypto.SigningMethod, v ...*Validator) error

	// Serialize serializes the JWT into its on-the-wire
	// representation.
	Serialize(key interface{}) ([]byte, error)
}

JWT represents a JWT per RFC 7519. It's described as an interface instead of a physical structure because both JWS and JWEs can be JWTs. So, in order to use either, import one of those two packages and use their "NewJWT" (and other) functions.

type ValidateFunc

type ValidateFunc func(Claims) error

ValidateFunc is a function that provides access to the JWT's Claims and allows for custom validation. Keep in mind that the Verify methods in the JWS/JWE sibling packages call ValidateFunc *after* validating the JWS/JWE, but *before* any validation per the JWT RFC; the Claims it receives have not yet been checked against the registered-claim rules (for example "exp" and "nbf"). Therefore, the ValidateFunc can be used to short-circuit verification, but cannot be used to circumvent the RFC. Custom JWT implementations are free to abuse this, but it is not recommended.

type Validator

// Validator represents some of the validation options.
//
// Expected holds the claim values a token must carry. EXP and NBF are
// time leeways for the "exp" and "nbf" checks.
// NOTE(review): presumably these are passed to Claims.Validate as
// expLeeway and nbfLeeway, so a larger value widens the window in which
// an expired or not-yet-valid token is still accepted; confirm, and keep
// them to the clock skew actually expected.
// Fn is an optional custom check; see ValidateFunc for when it runs.
type Validator struct {
	Expected Claims        // If non-nil, these are required to match.
	EXP      time.Duration // EXPLeeway: leeway for the "exp" claim check.
	NBF      time.Duration // NBFLeeway: leeway for the "nbf" claim check.
	Fn       ValidateFunc  // See ValidateFunc for more information.
	// contains filtered or unexported fields
}

Validator represents some of the validation options.

func (*Validator) SetAudience

func (v *Validator) SetAudience(aud string)

SetAudience sets the "aud" claim per https://tools.ietf.org/html/rfc7519#section-4.1.3

func (*Validator) SetClaim

func (v *Validator) SetClaim(claim string, val interface{})

SetClaim sets the claim with the given val.

func (*Validator) SetExpiration

func (v *Validator) SetExpiration(exp time.Time)

SetExpiration sets the "exp" claim per https://tools.ietf.org/html/rfc7519#section-4.1.4

func (*Validator) SetIssuedAt

func (v *Validator) SetIssuedAt(iat time.Time)

SetIssuedAt sets the "iat" claim per https://tools.ietf.org/html/rfc7519#section-4.1.6

func (*Validator) SetIssuer

func (v *Validator) SetIssuer(iss string)

SetIssuer sets the "iss" claim per https://tools.ietf.org/html/rfc7519#section-4.1.1

func (*Validator) SetJWTID

func (v *Validator) SetJWTID(jti string)

SetJWTID sets the "jti" claim per https://tools.ietf.org/html/rfc7519#section-4.1.7

func (*Validator) SetNotBefore

func (v *Validator) SetNotBefore(nbf time.Time)

SetNotBefore sets the "nbf" claim per https://tools.ietf.org/html/rfc7519#section-4.1.5

func (*Validator) SetSubject

func (v *Validator) SetSubject(sub string)

SetSubject sets the "sub" claim per https://tools.ietf.org/html/rfc7519#section-4.1.2

func (*Validator) Validate

func (v *Validator) Validate(j JWT) error

Validate validates the JWT based on the expected claims in v. Note: it only validates the registered claims per https://tools.ietf.org/html/rfc7519#section-4.1

Custom claims should be validated using v's Fn member.
