jwt

package

v1.136.0 Latest Latest Go to latest Published: Feb 13, 2026 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation ¶

Index ¶

Variables
func ParseKey(key []byte) (any, error)
type Algorithm
- func (a Algorithm) String() string
type Labels
- func (l Labels) AsExtraLabels() []string
type TenantID
- func (tid TenantID) String() string
type Token
- func NewToken(auth string, enforceAuthPrefix bool) (*Token, error)
- func NewTokenFromRequestWithCustomHeader(r *http.Request, headerName string, enforceAuthPrefix bool) (*Token, error)
type Verifier
type VerifierPool
- func NewVerifierPool(keys []any) (*VerifierPool, error)
- func (vp *VerifierPool) Verify(token *Token) error

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrNilKey indicates that key is nil.
	ErrNilKey = errors.New("key is nil")

	// ErrInvalidKey indicates that key is not valid.
	ErrInvalidKey = errors.New("key is not valid")

	// ErrUnsupportedAlg indicates that given algorithm is not supported.
	ErrUnsupportedAlg = errors.New("algorithm is not supported")

	// ErrInvalidSignature indicates that signature is not valid.
	ErrInvalidSignature = errors.New("signature is not valid")
)

JWT sign, verify, build and parse errors.

View Source

var (
	// ErrHeaderMissing missing header.
	ErrHeaderMissing = fmt.Errorf("jwt authorization header is missing")
	// ErrVMAccessFieldMissing missing vm_access field.
	ErrVMAccessFieldMissing = fmt.Errorf("missing `vm_access` claim")
	// ErrBadTokenFormat incorrect format for token
	ErrBadTokenFormat = fmt.Errorf("bad token format, must be jwt")
)

View Source

var (
	// ErrSignatureVerificationFailed token signature verification failed
	ErrSignatureVerificationFailed = fmt.Errorf("failed to verify token signature")
	// ErrSignatureAlgorithmNotSupported signature algorithm not supported
	ErrSignatureAlgorithmNotSupported = fmt.Errorf("signature algorithm verification not supported, supported algorithms: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512")
)

Functions ¶

func ParseKey ¶

func ParseKey(key []byte) (any, error)

ParseKey parses key in PEM format. It returns a *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey, or ed25519.PublicKey.

Types ¶

type Algorithm ¶

type Algorithm string

Algorithm for signing and verifying.

const (
	RS256 Algorithm = "RS256"
	RS384 Algorithm = "RS384"
	RS512 Algorithm = "RS512"

	ES256 Algorithm = "ES256"
	ES384 Algorithm = "ES384"
	ES512 Algorithm = "ES512"

	PS256 Algorithm = "PS256"
	PS384 Algorithm = "PS384"
	PS512 Algorithm = "PS512"
)

Algorithm names for signing and verifying.

func (Algorithm) String ¶

func (a Algorithm) String() string

type Labels ¶

type Labels map[string]string

Labels defines labels added to filters or incoming time series.

func (Labels) AsExtraLabels ¶

func (l Labels) AsExtraLabels() []string

AsExtraLabels - converts labels to label=value pairs.

type TenantID ¶

type TenantID struct {
	ProjectID int32 `json:"project_id"`
	AccountID int32 `json:"account_id"`
}

TenantID represents tenantID.

func (TenantID) String ¶

func (tid TenantID) String() string

String implements interface.

type Token ¶

type Token struct {
	// contains filtered or unexported fields
}

Token represents jwt token https://auth0.com/docs/tokens/json-web-tokens

func NewToken ¶

func NewToken(auth string, enforceAuthPrefix bool) (*Token, error)

NewToken creates token from raw string.

func NewTokenFromRequestWithCustomHeader ¶

func NewTokenFromRequestWithCustomHeader(r *http.Request, headerName string, enforceAuthPrefix bool) (*Token, error)

NewTokenFromRequestWithCustomHeader return new jwt token from request by provided header

func (*Token) AccessLabels ¶

func (t *Token) AccessLabels() []string

AccessLabels returns access labels for given JWT token, in key=value format.

func (*Token) CanRead ¶

func (t *Token) CanRead() bool

CanRead check if token has read permissions.

func (*Token) CanWrite ¶

func (t *Token) CanWrite() bool

CanWrite checks if token has write permissions.

func (*Token) ExtraFilters ¶

func (t *Token) ExtraFilters() []string

ExtraFilters metricsql filters for select queries

func (*Token) IsExpired ¶

func (t *Token) IsExpired(currentTime time.Time) bool

IsExpired checks if jwt token is expired.

func (*Token) Tenant ¶

func (t *Token) Tenant() TenantID

Tenant returns tenantID for token.

type Verifier ¶

type Verifier interface {
	Verify(token *Token) error
}

Verifier is used to verify tokens.

type VerifierPool ¶

type VerifierPool struct {
	// contains filtered or unexported fields
}

VerifierPool is a pool of verifiers for different algorithms

func NewVerifierPool ¶

func NewVerifierPool(keys []any) (*VerifierPool, error)

NewVerifierPool creates a new verifier pool for a set of keys

func (*VerifierPool) Verify ¶

func (vp *VerifierPool) Verify(token *Token) error

Verify verifies a token signature by using keys provided to verifier pool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL