jwks

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 25, 2026 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultJWKSPath      = "/.well-known/jwks.json"
	DefaultDiscoveryPath = "/.well-known/openid-configuration"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

func NewClient 

func NewClient(jwksURL string, opts ...ClientOption) *Client

func NewClientFromDiscovery 

func NewClientFromDiscovery(issuerURL string, opts ...ClientOption) (*Client, error)

func (*Client) Verifier 

func (c *Client) Verifier() (*jwtpkg.Verifier, error)

type ClientOption 

type ClientOption func(*Client)

func WithCacheTTL 

func WithCacheTTL(d time.Duration) ClientOption

func WithHTTPClient 

func WithHTTPClient(hc *http.Client) ClientOption

type EndpointOption 

type EndpointOption func(*Endpoints)

func WithDiscoveryPath 

func WithDiscoveryPath(p string) EndpointOption

func WithIssuerURLOverride 

func WithIssuerURLOverride(url string) EndpointOption

func WithJWKSPath 

func WithJWKSPath(p string) EndpointOption

type Endpoints 

type Endpoints struct {
	// contains filtered or unexported fields
}

Endpoints aggregates JWKS and OIDC Discovery handlers with their standard well-known paths, providing a single Register call.

func NewEndpoints 

func NewEndpoints(km *KeyManager, appCfg *conf.App, l logger.Logger, opts ...EndpointOption) *Endpoints

NewEndpoints creates an Endpoints that reads external_url from appCfg. If external_url is empty a warning is logged and the issuer URL in the OIDC Discovery response will be blank.

func (*Endpoints) Register 

func (e *Endpoints) Register(r RouteRegistrar)

Register mounts the JWKS and OIDC Discovery handlers onto r.

type Key 

type Key struct {
	Kty string `json:"kty"`
	Use string `json:"use"`
	Kid string `json:"kid"`
	Alg string `json:"alg"`
	N   string `json:"n"`
	E   string `json:"e"`
}

type KeyManager 

type KeyManager struct {
	// contains filtered or unexported fields
}

func NewKeyManager 

func NewKeyManager(opts ...Option) (*KeyManager, error)

func NewKeyManagerFromConfig 

func NewKeyManagerFromConfig(cfg *conf.App) (*KeyManager, error)

NewKeyManagerFromConfig creates a KeyManager by reading JWT settings from the shared app configuration. It bridges conf.App.Jwt fields to jwks.Option so callers don't need to repeat the mapping logic.

func (*KeyManager) JWKSResponse 

func (km *KeyManager) JWKSResponse() *Response

func (*KeyManager) Signer 

func (km *KeyManager) Signer() *jwtpkg.Signer

func (*KeyManager) Verifier 

func (km *KeyManager) Verifier() *jwtpkg.Verifier

type Option 

type Option func(*options)

func WithPrivateKeyPEM 

func WithPrivateKeyPEM(pem []byte) Option

func WithPrivateKeyPath 

func WithPrivateKeyPath(path string) Option

type Response 

type Response struct {
	Keys []Key `json:"keys"`
}

type RouteRegistrar 

type RouteRegistrar interface {
	Handle(path string, h http.Handler)
}

RouteRegistrar is satisfied by *khttp.Server and *http.ServeMux.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.