jwt

v0.1.0
Warning

This package is not in the latest version of its module.

Published: Sep 12, 2021 License: BSD-3-Clause Imports: 21 Imported by: 1

README

Tideland Go JSON Web Token


Description

Tideland Go JSON Web Token provides a complete JWT implementation, including generation, verification, analysis, and caching.

I hope you like it. ;)

Contributors

Documentation

Overview

Package token provides the generation, verification, and analysis of JSON Web Tokens.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewContext

func NewContext(ctx context.Context, token *JWT) context.Context

NewContext returns a new context that carries a token.

func RequestAdd

func RequestAdd(req *http.Request, jwt *JWT) *http.Request

RequestAdd adds a token as a header to a request for use by a client.

Types

type Algorithm

type Algorithm string

Algorithm describes the algorithm used to sign a token.

const (
	ES256 Algorithm = "ES256"
	ES384 Algorithm = "ES384"
	ES512 Algorithm = "ES512"
	HS256 Algorithm = "HS256"
	HS384 Algorithm = "HS384"
	HS512 Algorithm = "HS512"
	PS256 Algorithm = "PS256"
	PS384 Algorithm = "PS384"
	PS512 Algorithm = "PS512"
	RS256 Algorithm = "RS256"
	RS384 Algorithm = "RS384"
	RS512 Algorithm = "RS512"
	NONE  Algorithm = "none"
)

Definition of the supported algorithms.

func (Algorithm) Sign

func (a Algorithm) Sign(data []byte, key Key) (Signature, error)

Sign creates the signature for the data based on the algorithm and the key.

func (Algorithm) Verify

func (a Algorithm) Verify(data []byte, sig Signature, key Key) error

Verify checks if the signature is correct for the data when using the passed key.

type Cache

type Cache struct {
	// contains filtered or unexported fields
}

Cache provides caching for tokens so that they don't have to be decoded or verified multiple times.

func NewCache

func NewCache(ctx context.Context, ttl, leeway, interval time.Duration, maxEntries int) *Cache

NewCache creates a new JWT cache. The ttl value controls how long a cached token may remain unused before it is cleaned up. The leeway is used for the time validation of the token itself. The interval controls how often the background cleanup runs. The final configuration parameter is the maximum number of entries inside the cache. If the number of entries grows too fast, the ttl is temporarily reduced for cleanup.

func (*Cache) Cleanup

func (c *Cache) Cleanup() error

Cleanup manually tells the cache to clean up.

func (*Cache) Get

func (c *Cache) Get(st string) (*JWT, error)

Get tries to retrieve a token from the cache.

func (*Cache) Put

func (c *Cache) Put(token *JWT) (int, error)

Put adds a token to the cache and returns the total number of entries.

func (*Cache) RequestDecode

func (c *Cache) RequestDecode(req *http.Request) (*JWT, error)

RequestDecode tries to retrieve a token from the cache by the request's Authorization header. Otherwise it decodes the token and puts it into the cache.

func (*Cache) RequestVerify

func (c *Cache) RequestVerify(req *http.Request, key Key) (*JWT, error)

RequestVerify tries to retrieve a token from the cache by the request's Authorization header. Otherwise it verifies the token and puts it into the cache.

type Claims

type Claims map[string]interface{}

Claims contains the claims of a token payload. The type also provides getters and setters for the reserved claims.

func NewClaims

func NewClaims() Claims

NewClaims returns an empty set of claims.

func (Claims) Audience

func (c Claims) Audience() ([]string, bool)

Audience retrieves the reserved "aud" claim.

func (Claims) Contains

func (c Claims) Contains(key string) bool

Contains checks if the claims contain a given key.

func (Claims) Delete

func (c Claims) Delete(key string) interface{}

Delete deletes a value from the claims. It returns a potential old value.

func (Claims) DeleteAudience

func (c Claims) DeleteAudience() []string

DeleteAudience deletes the reserved "aud" claim. It returns a potential old value.

func (Claims) DeleteExpiration

func (c Claims) DeleteExpiration() time.Time

DeleteExpiration deletes the reserved "exp" claim. It returns a potential old value.

func (Claims) DeleteIdentifier

func (c Claims) DeleteIdentifier() string

DeleteIdentifier deletes the reserved "jti" claim. It returns a potential old value.

func (Claims) DeleteIssuedAt

func (c Claims) DeleteIssuedAt() time.Time

DeleteIssuedAt deletes the reserved "iat" claim. It returns a potential old value.

func (Claims) DeleteIssuer

func (c Claims) DeleteIssuer() string

DeleteIssuer deletes the reserved "iss" claim. It returns a potential old value.

func (Claims) DeleteNotBefore

func (c Claims) DeleteNotBefore() time.Time

DeleteNotBefore deletes the reserved "nbf" claim. It returns a potential old value.

func (Claims) DeleteSubject

func (c Claims) DeleteSubject() string

DeleteSubject deletes the reserved "sub" claim. It returns a potential old value.

func (Claims) Expiration

func (c Claims) Expiration() (time.Time, bool)

Expiration retrieves the reserved "exp" claim.

func (Claims) Get

func (c Claims) Get(key string) (interface{}, bool)

Get retrieves a value from the claims.

func (Claims) GetBool

func (c Claims) GetBool(key string) (bool, bool)

GetBool retrieves a bool value. It also accepts the strings "1", "t", "T", "TRUE", "true", "True", "0", "f", "F", "FALSE", "false", and "False".

func (Claims) GetFloat64

func (c Claims) GetFloat64(key string) (float64, bool)

GetFloat64 retrieves a float value.

func (Claims) GetInt

func (c Claims) GetInt(key string) (int, bool)

GetInt retrieves an integer value.

func (Claims) GetMarshalled

func (c Claims) GetMarshalled(key string, v interface{}) (bool, error)

GetMarshalled unmarshalls the JSON value of the key and stores it in the value pointed to by v.

func (Claims) GetString

func (c Claims) GetString(key string) (string, bool)

GetString retrieves a string value. If the value is not a string, it is converted into a string.

func (Claims) GetTime

func (c Claims) GetTime(key string) (time.Time, bool)

GetTime retrieves a time value. Int, int32, int64, and float64 are valid types for the conversion. A string is interpreted as an RFC 3339 formatted time.

func (Claims) Identifier

func (c Claims) Identifier() (string, bool)

Identifier retrieves the reserved "jti" claim.

func (Claims) IsAlreadyValid

func (c Claims) IsAlreadyValid(leeway time.Duration) bool

IsAlreadyValid checks if the claim "nbf" is after the current time. The leeway is subtracted from the "nbf" time to account for clock skew.

func (Claims) IsStillValid

func (c Claims) IsStillValid(leeway time.Duration) bool

IsStillValid checks if the claim "exp" is before the current time. The leeway is added to the "exp" time to account for clock skew.

func (Claims) IsValid

func (c Claims) IsValid(leeway time.Duration) bool

IsValid is a combination of IsAlreadyValid() and IsStillValid().
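The window these methods describe, with the leeway subtracted from "nbf" and added to "exp", written against the standard library as an added example (it is not this package's code). The names claimTime and validAt are hypothetical, and treating an absent claim as no bound while rejecting a present but unreadable one are assumptions of the example, not documented behaviour of the package.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// claimTime reads a time claim given as a JSON number (epoch seconds) or an
// RFC 3339 string. A present but unreadable claim is an error, never "no bound".
func claimTime(claims map[string]interface{}, name string) (t time.Time, present bool, err error) {
	switch v := claims[name].(type) {
	case nil: // absent (or JSON null): assumed to impose no bound
		return t, false, nil
	case float64: // encoding/json decodes every JSON number as float64
		return time.Unix(int64(v), 0), true, nil
	case string:
		t, err = time.Parse(time.RFC3339, v)
		return t, true, err
	}
	return t, true, fmt.Errorf("claim %q has an unsupported type", name)
}

// validAt (hypothetical helper) checks nbf-leeway <= now <= exp+leeway.
func validAt(payload string, now time.Time, leeway time.Duration) error {
	claims := map[string]interface{}{}
	if err := json.Unmarshal([]byte(payload), &claims); err != nil {
		return err
	}
	nbf, hasNbf, errNbf := claimTime(claims, "nbf")
	exp, hasExp, errExp := claimTime(claims, "exp")
	switch {
	case errNbf != nil || errExp != nil:
		return errors.New("malformed time claim")
	case hasNbf && now.Before(nbf.Add(-leeway)):
		return errors.New("not yet valid")
	case hasExp && now.After(exp.Add(leeway)):
		return errors.New("expired")
	}
	return nil
}

func main() {
	payload := `{"sub":"alice","nbf":1000,"exp":1600}` // constructed sample
	for _, sec := range []int64{930, 950, 1650, 1670} {
		fmt.Println(sec, validAt(payload, time.Unix(sec, 0), time.Minute))
	}
}
```

A leeway should stay small, since every second of it extends the life of an expired token by the same amount.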

func (Claims) IssuedAt

func (c Claims) IssuedAt() (time.Time, bool)

IssuedAt retrieves the reserved "iat" claim.

func (Claims) Issuer

func (c Claims) Issuer() (string, bool)

Issuer retrieves the reserved "iss" claim.

func (Claims) Len

func (c Claims) Len() int

Len returns the number of entries in the claims.

func (Claims) MarshalJSON

func (c Claims) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface even for nil or empty claims.

func (Claims) NotBefore

func (c Claims) NotBefore() (time.Time, bool)

NotBefore retrieves the reserved "nbf" claim.

func (Claims) Set

func (c Claims) Set(key string, value interface{}) interface{}

Set sets a value in the claims. It returns a potential old value.

func (Claims) SetAudience

func (c Claims) SetAudience(auds ...string) []string

SetAudience sets the reserved "aud" claim. It returns a potential old value.

func (Claims) SetExpiration

func (c Claims) SetExpiration(t time.Time) time.Time

SetExpiration sets the reserved "exp" claim. It returns a potential old value.

func (Claims) SetIdentifier

func (c Claims) SetIdentifier(id string) string

SetIdentifier sets the reserved "jti" claim. It returns a potential old value.

func (Claims) SetIssuedAt

func (c Claims) SetIssuedAt(t time.Time) time.Time

SetIssuedAt sets the reserved "iat" claim. It returns a potential old value.

func (Claims) SetIssuer

func (c Claims) SetIssuer(issuer string) string

SetIssuer sets the reserved "iss" claim. It returns a potential old value.

func (Claims) SetNotBefore

func (c Claims) SetNotBefore(t time.Time) time.Time

SetNotBefore sets the reserved "nbf" claim. It returns a potential old value.

func (Claims) SetSubject

func (c Claims) SetSubject(subject string) string

SetSubject sets the reserved "sub" claim. It returns a potential old value.

func (Claims) SetTime

func (c Claims) SetTime(key string, t time.Time) time.Time

SetTime sets a time value in the claims. It returns a potential old value.

func (Claims) Subject

func (c Claims) Subject() (string, bool)

Subject retrieves the reserved "sub" claim.

func (*Claims) UnmarshalJSON

func (c *Claims) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type JWT

type JWT struct {
	// contains filtered or unexported fields
}

JWT manages the parts of a JSON Web Token and the access to those.

func Decode

func Decode(token string) (*JWT, error)

Decode creates a token out of a string without verification.

func Encode

func Encode(claims Claims, key Key, algorithm Algorithm) (*JWT, error)

Encode creates a JSON Web Token for the given claims based on key and algorithm.

func FromContext

func FromContext(ctx context.Context) (*JWT, bool)

FromContext returns the token stored in ctx, if any.

func RequestDecode

func RequestDecode(req *http.Request) (*JWT, error)

RequestDecode tries to retrieve a token from a request header.

func RequestVerify

func RequestVerify(req *http.Request, key Key) (*JWT, error)

RequestVerify retrieves a possible token from a request. The JWT then will be verified.

func Verify

func Verify(token string, key Key) (*JWT, error)

Verify creates a token out of a string and verifies it against the passed key.
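What a verification step has to establish before a payload is trusted, in contrast to Decode, which parses without verification: an added example using only the standard library, not this package's code. The helper names (mac, sign, verifyHS256) and the key are hypothetical; the verifier pins HS256, so a token whose header announces "none" (one of the Algorithm values listed above) or any other algorithm is rejected before its signature is even looked at.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
// mac returns the HMAC-SHA256 of data under key.
func mac(data string, key []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(data))
	return h.Sum(nil)
}

// sign builds a compact HS256 token; used only to construct sample input.
func sign(header, payload string, key []byte) string {
	data := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(payload))
	return data + "." + b64.EncodeToString(mac(data, key))
}

// verifyHS256 (hypothetical helper) accepts only HS256, compares the MAC in
// constant time, and returns the payload only after both checks pass.
func verifyHS256(token string, key []byte) ([]byte, error) {
	var hdr struct{ Alg string `json:"alg"` }
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	raw, err := b64.DecodeString(p[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, fmt.Errorf("unexpected algorithm") // "none", RS*, ES*, PS* ...
	}
	sig, err := b64.DecodeString(p[2])
	if err != nil || !hmac.Equal(sig, mac(p[0]+"."+p[1], key)) {
		return nil, fmt.Errorf("bad signature")
	}
	return b64.DecodeString(p[1])
}

func main() {
	key := []byte("constructed-demo-key")
	payload, err := verifyHS256(sign(`{"alg":"HS256"}`, `{"sub":"alice"}`, key), key)
	fmt.Println(string(payload), err)
}
```

The expected algorithm comes from the verifier's own configuration, never from the token header, which is data supplied by the sender.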

func (*JWT) Algorithm

func (jwt *JWT) Algorithm() Algorithm

Algorithm returns the algorithm of the token after encoding, decoding, or verification.

func (*JWT) Claims

func (jwt *JWT) Claims() Claims

Claims returns the claims payload of the token.

func (*JWT) IsValid

func (jwt *JWT) IsValid(leeway time.Duration) bool

IsValid is a convenience method that checks the registered claims to determine whether the token is valid.

func (*JWT) Key

func (jwt *JWT) Key() (Key, error)

Key returns the key of the token only when it is a result of encoding or verification.

func (*JWT) String

func (jwt *JWT) String() string

String implements the fmt.Stringer interface.

type Key

type Key interface{}

Key is the key used to sign a token. The real implementation controls signing and verification.

func ReadECPrivateKey

func ReadECPrivateKey(r io.Reader) (Key, error)

ReadECPrivateKey reads a PEM formatted ECDSA private key from the passed reader.

func ReadECPublicKey

func ReadECPublicKey(r io.Reader) (Key, error)

ReadECPublicKey reads a PEM encoded ECDSA public key from the passed reader.

func ReadRSAPrivateKey

func ReadRSAPrivateKey(r io.Reader) (Key, error)

ReadRSAPrivateKey reads a PEM encoded PKCS1 or PKCS8 private key from the passed reader.

func ReadRSAPublicKey

func ReadRSAPublicKey(r io.Reader) (Key, error)

ReadRSAPublicKey reads a PEM encoded PKCS1 or PKCS8 public key from the passed reader.

type Signature

type Signature []byte

Signature is the resulting signature when signing a token.
