jwt

package
v1.2.0

This package is not in the latest version of its module.
Published: Aug 28, 2025 License: AGPL-3.0 Imports: 15 Imported by: 0

README

OAuth Bridge JWT Package

ECC-based JWT utilities for OAuth Bridge authentication with deterministic key derivation.

Installation

# Get latest version
go get github.com/OpsMx/oauth-bridge-client/pkg/jwt@latest

# Get specific version
go get github.com/OpsMx/oauth-bridge-client/pkg/jwt@v1.0.0

Usage

import "github.com/OpsMx/oauth-bridge-client/pkg/jwt"

Features

  • Deterministic Key Derivation: Generate ECC keys from master secrets
  • ECC JWT Signing: ES256 algorithm support
  • JWT Validation: Secure token verification
  • Master Secret Management: Secure secret loading utilities

Basic Usage

import (
    "github.com/OpsMx/oauth-bridge-client/pkg/jwt"
    "github.com/OpsMx/oauth-bridge-client/pkg/types"
)

// Create service with master secret
service := jwt.NewService("your-master-secret")

// Derive the private key for this domain and key ID; the result is an
// encapsulated *jwt.PrivateKey, so raw key material is never handed out
privateKey, err := service.DeriveKey("org-id", "key-id")
if err != nil {
    return err
}

// Sign JWT payload: signing is a method of the derived key
// (the documented API has no Service.SignJWT)
payload := &types.ECCJWTPayload{
    Audience: "oauth-bridge",
    OrgID:    "org-id",
    Kid:      "key-id",
}
token, err := privateKey.SignJWT(payload)
if err != nil {
    return err
}

// Validate JWT: the service re-derives the key for the same domain and key ID
claims, err := service.ValidateJWT(token, "org-id", "key-id")
if err != nil {
    return err
}

Standalone Functions

// Direct key derivation (package-level function, no Service needed)
privateKey, err := jwt.DeriveKey("master-secret", "org-id", "key-id")

// Direct JWT signing through the derived key
token, err := privateKey.SignJWT(payload)

// Direct JWT validation: the key is re-derived from the master secret, domain and key ID
claims, err := jwt.ValidateJWT(token, "master-secret", "org-id", "key-id")

Version Management

This package uses semantic versioning as a Go sub-module:

# List available versions
git tag --list | grep "pkg/jwt"

Dependencies

  • github.com/golang-jwt/jwt/v5 - JWT handling
  • github.com/OpsMx/oauth-bridge-client/pkg/types - Payload types
  • Standard Go crypto libraries

Documentation

Overview

Package jwt provides ECC-based JWT authentication with deterministic key derivation. This is a clean, focused implementation supporting only ECC authentication.
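As an added illustration of what the overview describes (example code, not code from the oauth-bridge-client package): a P-256 key derived deterministically from a master secret, domain and kid, an ES256 signature in the raw r||s form JWS requires, and validation that re-derives the key from the master secret instead of trusting anything inside the token. The HMAC-SHA256 seed construction, the scalar mapping and the function names DeriveKey, SignES256 and VerifyES256 are assumptions for this example; the package's actual derivation scheme is not documented on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"math/big"
	"strings"
)

// DeriveKey maps (masterSecret, domain, kid) to the same P-256 key on every call; the HMAC seed and scalar mapping are assumptions.
func DeriveKey(masterSecret, domain, kid string) *ecdsa.PrivateKey {
	mac := hmac.New(sha256.New, []byte(masterSecret))
	mac.Write([]byte(domain + "\x00" + kid)) // NUL separator keeps (domain, kid) pairs unambiguous
	curve := elliptic.P256()
	d := new(big.Int).SetBytes(mac.Sum(nil)) // reduce into [1, N-1]: always a valid non-zero scalar
	d.Mod(d, new(big.Int).Sub(curve.Params().N, big.NewInt(1))).Add(d, big.NewInt(1))
	x, y := curve.ScalarBaseMult(d.Bytes())
	return &ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: curve, X: x, Y: y}, D: d}
}

// SignES256 returns header.payload.signature; JWS ES256 carries r||s as two fixed 32-byte values, not DER.
func SignES256(priv *ecdsa.PrivateKey, claims map[string]string) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT"})
	body, _ := json.Marshal(claims)
	input := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return input + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// VerifyES256 re-derives the public key from the master secret; ES256 is pinned, the token's "alg" header is never consulted.
func VerifyES256(token, masterSecret, domain, kid string) bool {
	parts := strings.Split(token, ".")
	sig, err := base64.RawURLEncoding.DecodeString(parts[len(parts)-1])
	if len(parts) != 3 || err != nil || len(sig) != 64 { // exactly header.payload.signature with a 64-byte r||s
		return false
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	return ecdsa.Verify(&DeriveKey(masterSecret, domain, kid).PublicKey, digest[:], r, s)
}
```

Because the verifier derives the key itself, a token signed under a different master secret or for a different (domain, kid) pair fails verification even though its header and claims look identical.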

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DeriveECCKeyFromSeed

func DeriveECCKeyFromSeed(seed []byte) (*ecdsa.PrivateKey, error)

DeriveECCKeyFromSeed derives an ECC private key from a seed using the P-256 curve

func ExtractDomain

func ExtractDomain(baseURL string) string

ExtractDomain extracts the domain/host from a base URL for key derivation

func LoadMasterSecret

func LoadMasterSecret(path string) (string, error)

LoadMasterSecret loads the master secret from the configured path

func ValidateJWT

func ValidateJWT(tokenString, masterSecret, domain, kid string) (*types.ECCJWTPayload, error)

ValidateJWT validates a JWT signed with ECC (ES256) using deterministic key derivation

Types

type PrivateKey

type PrivateKey struct {
	// contains filtered or unexported fields
}

PrivateKey encapsulates an ECC private key with its metadata and operations. This prevents direct access to the raw private key material.

func DeriveKey

func DeriveKey(masterSecret, domain, kid string) (*PrivateKey, error)

DeriveKey derives an ECC private key and returns it as a PrivateKey struct. This encapsulates the key material and provides secure operations.

func NewPrivateKey

func NewPrivateKey(rawKey *ecdsa.PrivateKey, domain, kid string) *PrivateKey

NewPrivateKey creates a PrivateKey struct from an existing raw ECC private key. This is used when you already have a parsed private key (e.g., from PEM) and want to encapsulate it.

func (*PrivateKey) Domain

func (pk *PrivateKey) Domain() string

Domain returns the domain associated with this private key

func (*PrivateKey) Kid

func (pk *PrivateKey) Kid() string

Kid returns the key ID associated with this private key

func (*PrivateKey) PrivateKeyPEM

func (pk *PrivateKey) PrivateKeyPEM() (string, error)

PrivateKeyPEM returns the private key in PEM format (admin use only). WARNING: This exposes the private key material and should only be used for administrative purposes.

func (*PrivateKey) PublicKeyPEM

func (pk *PrivateKey) PublicKeyPEM() (string, error)

PublicKeyPEM returns the public key in PEM format

func (*PrivateKey) SignJWT

func (pk *PrivateKey) SignJWT(payload *types.ECCJWTPayload) (string, error)

SignJWT signs a JWT using this private key

func (*PrivateKey) Zero

func (pk *PrivateKey) Zero()

Zero securely zeros the private key material and metadata (called by finalizer)

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service provides ECC JWT operations using a master secret

func NewService

func NewService(masterSecret string) *Service

NewService creates a new ECC JWT service with the provided master secret

func (*Service) DeriveKey

func (s *Service) DeriveKey(domain, kid string) (*PrivateKey, error)

DeriveKey derives an ECC private key for the given domain and key ID

func (*Service) ValidateJWT

func (s *Service) ValidateJWT(tokenString, domain, kid string) (*types.ECCJWTPayload, error)

ValidateJWT validates a JWT for the given domain and key ID

type Signer

type Signer interface {
	SignJWT(payload *types.ECCJWTPayload) (string, error)
	Domain() string
	Kid() string
	PublicKeyPEM() (string, error)
}

Signer interface for testing and abstraction
