oauth

package
v1.0.16 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 30, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

const (
	// DefaultJWKSKeySetTTL is 60 minutes.
	// NOTE(review): presumably the default time a fetched JWKS key set stays
	// cached before it is fetched again. If so, a key that has been removed
	// from the endpoint could still be accepted for up to this long. Confirm
	// against the cache implementation, which is not shown here.
	DefaultJWKSKeySetTTL = 60 * time.Minute
)

Variables

This section is empty.

Functions

func GetJWKSKeysURL

func GetJWKSKeysURL(etsEndpoint string) string

func NewJWKFromRSAPub

func NewJWKFromRSAPub(pub *rsa.PublicKey) (*jose.JSONWebKey, error)

NewJWKFromRSAPub creates a jose.JSONWebKey from an rsa.PublicKey, with its KeyID set to the hash computed by jwkKeyID.

func NewJWKSFromRSAPubKeys

func NewJWKSFromRSAPubKeys(pubKeys []*rsa.PublicKey) (*jose.JSONWebKeySet, error)

NewJWKSFromRSAPubKeys returns jose.JSONWebKeySet from a list of RSA public keys.

func NewJWKSHandler

func NewJWKSHandler(pubKeys []*rsa.PublicKey) http.HandlerFunc

NewJWKSHandler returns an HTTP handler that implements the .well-known/jwks.json API, given a list of known public keys.

func PublicKeyToPEM

func PublicKeyToPEM(pubKey crypto.PublicKey) (string, error)

PublicKeyToPEM returns the PEM-encoded public key as a string.

Types

type JWKSCache

// JWKSCache exposes the JWKS endpoint URL and an injectable HTTP round-trip
// function; the rest of its state is unexported and not shown here.
type JWKSCache struct {
	// URL is the .well-known/jwks.json url, e.g.,
	// https://eps.egx.nvidia.com/.well-known/jwks.json
	// NOTE(review): the keys served at this URL are presumably the ones callers
	// verify signatures against, so it should be an https URL for the intended
	// issuer. Confirm whether the scheme or host is checked anywhere.
	URL string

	// dependencies
	// RoundTrip has the same signature as http.RoundTripper's RoundTrip method.
	// NOTE(review): presumably it performs the JWKS fetch and exists so tests
	// can substitute it. Because the field is exported, any code holding the
	// cache can replace it, which would change where the keys come from.
	// Confirm against the implementation.
	RoundTrip func(*http.Request) (*http.Response, error)
	// contains filtered or unexported fields
}

JWKSCache is a helper client-side cache that fetches public keys from the EPS .well-known/jwks.json endpoint. Example usage in EMS:

	jc := NewJWKSCache("https://eps.egx.nvidia.com/.well-known/jwks.json")

	err := jc.Refresh()
	if err != nil { ... }

	epsPub, err := jc.Get(deviceEnrollmentRequest.KeyVersion)
	if err != nil { ... }

	err := VerifyEnrollmentRequest(deviceEnrollmentRequest, epsPub)

func NewJWKSCache

func NewJWKSCache(url string) *JWKSCache

func (*JWKSCache) Get

func (jc *JWKSCache) Get(kid string) (*rsa.PublicKey, error)

func (*JWKSCache) GetJSONWebKeySet

func (jc *JWKSCache) GetJSONWebKeySet() jose.JSONWebKeySet

func (*JWKSCache) GetOrRefresh

func (jc *JWKSCache) GetOrRefresh(kid string) (*rsa.PublicKey, error)

func (*JWKSCache) Refresh

func (jc *JWKSCache) Refresh() error

type JWKSVerifier

// JWKSVerifier is the receiver of VerifyToken and ExtractVerifiedToken and is
// built by NewJWKSVerifier from a JWKS URL; all of its fields are unexported.
type JWKSVerifier struct {
	// The mutex is embedded, so Lock and Unlock are promoted into
	// JWKSVerifier's exported method set, and a JWKSVerifier value must not be
	// copied once it is in use.
	// NOTE(review): what state the mutex guards is not visible here.
	sync.Mutex
	// contains filtered or unexported fields
}

JWKSVerifier acts as a token verifier to be consumed by the … (the sentence is cut off here on this page; the intended consumer is not stated).

func NewJWKSVerifier

func NewJWKSVerifier(jwksURL string, options ...JWKSVerifierOption) *JWKSVerifier

func (*JWKSVerifier) ExtractVerifiedToken

func (v *JWKSVerifier) ExtractVerifiedToken(ctx context.Context, token string) (JWT, error)

func (*JWKSVerifier) JWKSURL

func (v *JWKSVerifier) JWKSURL() string

func (*JWKSVerifier) VerifyToken

func (v *JWKSVerifier) VerifyToken(ctx context.Context, token string) (bool, error)

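VerifyToken verifies that the current token is valid. It returns true if the token is valid and false otherwise. An error is returned only when the validity of the token could not be determined, so a caller should treat a non-nil error as "not verified" rather than as a pass.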

type JWKSVerifierOption

// JWKSVerifierOption is a function that receives a *JWKSVerifier.
// NewJWKSVerifier accepts a variadic list of these and
// WithJWKSVerifierCacheTTL returns one; presumably each option is applied to
// the verifier while it is being constructed (confirm in NewJWKSVerifier).
type JWKSVerifierOption func(*JWKSVerifier)

func WithJWKSVerifierCacheTTL

func WithJWKSVerifierCacheTTL(cacheTTL time.Duration) JWKSVerifierOption

type JWT

// JWT is the set of token claims this package decodes, keyed by the JSON tags
// below. ExtractVerifiedToken returns a value of this type.
//
// NOTE(review): the struct only names the claims. Which of them (exp, aud,
// iss, ...) are actually checked during verification is not visible here.
// No nbf (not-before) claim is modeled.
type JWT struct {
	// iss: the registered "issuer" claim (RFC 7519).
	Issuer            string `json:"iss"`
	// token_type is not a registered JWT claim; presumably issuer-specific.
	TokenType         string `json:"token_type"`
	// sub: the registered "subject" claim (RFC 7519).
	Subject           string `json:"sub"`
	// azp: the "authorized party" claim from OpenID Connect. It is a single
	// string here despite the plural field name.
	AuthorizedParties string `json:"azp"`
	// service is not a registered JWT claim; it carries an id and a name whose
	// meaning is defined by the issuer (not shown here).
	Service           struct {
		ID   string `json:"id"`
		Name string `json:"name"`
	} `json:"service"`
	// jti: the registered "JWT ID" claim (RFC 7519).
	JWTID      string   `json:"jti"`
	// aud: the registered "audience" claim.
	// NOTE(review): RFC 7519 also permits aud to be a single string; confirm
	// the issuer always emits the array form or that the decoder accepts both.
	Audience   []string `json:"aud"`
	// scopes is not a registered JWT claim; presumably the granted scopes.
	Scopes     []string `json:"scopes"`
	// exp and iat: the registered "expiration time" and "issued at" claims.
	// ExpirationTime and IssuedAtTime expose them as time.Time; presumably the
	// integers are Unix seconds (RFC 7519 NumericDate). Confirm in those
	// methods.
	Expiration int64    `json:"exp"`
	IssuedAt   int64    `json:"iat"`
}

func (JWT) ExpirationTime

func (jwt JWT) ExpirationTime() time.Time

func (JWT) IssuedAtTime

func (jwt JWT) IssuedAtTime() time.Time

type JWTCache

// JWTCache is the receiver of FetchToken and ForceNewToken and is configured
// through its With* methods; all of its fields are unexported.
type JWTCache struct {

	// The embedded sync.Mutex protects the mutable state that follows
	// (unexported fields, not shown here). Because it is embedded, Lock and
	// Unlock are promoted into JWTCache's exported method set.
	// NOTE(review): Copy returns a *JWTCache; confirm it does not copy a held
	// mutex by value.
	sync.Mutex
	// contains filtered or unexported fields
}

func NewJWTCache

func NewJWTCache() *JWTCache

func (*JWTCache) Copy

func (c *JWTCache) Copy() *JWTCache

func (*JWTCache) FetchToken

func (c *JWTCache) FetchToken(ctx context.Context) (string, error)

FetchToken returns the cached token if it considers the token valid; otherwise, it first tries to fetch a new token and update the cache.

func (*JWTCache) ForceNewToken

func (c *JWTCache) ForceNewToken(ctx context.Context) (string, error)

ForceNewToken forces retrieval of a new device token. Callers are not expected to use ForceNewToken() directly; they should use FetchToken() most of the time.

func (*JWTCache) RefreshClient

func (c *JWTCache) RefreshClient()

func (*JWTCache) WithBackOffBase

func (c *JWTCache) WithBackOffBase(backOffBase time.Duration) *JWTCache

func (*JWTCache) WithBackOffMax

func (c *JWTCache) WithBackOffMax(backOffMax time.Duration) *JWTCache

func (*JWTCache) WithExpiryMargin

func (c *JWTCache) WithExpiryMargin(margin time.Duration) *JWTCache

func (*JWTCache) WithFetcher

func (c *JWTCache) WithFetcher(fetcher tokenFetcher) *JWTCache

func (*JWTCache) WithNowFunc

func (c *JWTCache) WithNowFunc(f func() time.Time) *JWTCache

func (*JWTCache) WithVerifier

func (c *JWTCache) WithVerifier(jwtVerifier tokenVerifier) *JWTCache
