Overview
Package jwt provides primitives for working with JWT (Parser, Claims, and so on).
Constants
// DefaultClaimsCacheMaxEntries is the default upper bound on the number of parsed
// Claims objects kept by a CachingParser's ClaimsCache.
// NOTE(review): presumably applied when CachingParserOpts.CacheMaxEntries is left
// at zero — confirm in NewCachingParserWithOpts.
const DefaultClaimsCacheMaxEntries = 1000
Variables
This section is empty.
Functions
This section is empty.
Types
type AccessPolicy ¶
// AccessPolicy represents a single access policy which specifies access rights
// to a tenant or resource in the scope of a resource server.
// It is carried in the token as an element of Claims.Scope (JSON key "scope").
type AccessPolicy struct {
	// TenantID is a unique identifier of tenant for which access is granted (if resource is not specified)
	// or which the resource is owned by (if resource is specified).
	TenantID string `json:"tid,omitempty"`
	// TenantUUID is a UUID of tenant for which access is granted (if the resource is not specified)
	// or which the resource is owned by (if the resource is specified).
	TenantUUID string `json:"tuid,omitempty"`
	// ResourceServerID is a unique resource server instance or cluster ID.
	ResourceServerID string `json:"rs,omitempty"`
	// ResourceNamespace is a namespace to which resource belongs within resource server.
	// E.g.: account-server, storage-manager, task-manager, alert-manager, etc.
	ResourceNamespace string `json:"rn,omitempty"`
	// ResourcePath is a unique identifier of or path to a single resource or resource collection
	// in the scope of the resource server and namespace.
	ResourcePath string `json:"rp,omitempty"`
	// Role determines what actions are allowed to be performed on the specified tenant or resource.
	// An empty Role is omitted from the JSON form (omitempty); how an absent role is
	// interpreted is not defined here — confirm in the consuming authorization code.
	Role string `json:"role,omitempty"`
}
AccessPolicy represents a single access policy which specifies access rights to a tenant or resource in the scope of a resource server.
type AudienceMissingError ¶
// AudienceMissingError represents an error when the JWT audience is required but
// missing. The pointer type implements the error interface via Error().
type AudienceMissingError struct {
	// Claims is the Claims value attached to the error (presumably the claims
	// parsed from the rejected token, exposed so callers can inspect them — confirm against Parser).
	Claims *Claims
}
AudienceMissingError represents an error when the JWT audience is required but missing.
func (*AudienceMissingError) Error ¶
func (e *AudienceMissingError) Error() string
type AudienceNotExpectedError ¶
// AudienceNotExpectedError represents an error when the JWT contains an audience
// that is not expected (see ParserOpts.ExpectedAudience). The pointer type
// implements the error interface via Error().
type AudienceNotExpectedError struct {
	// Claims is the Claims value attached to the error (presumably the claims
	// parsed from the rejected token — confirm against Parser).
	Claims *Claims
}
AudienceNotExpectedError represents an error when the JWT contains an unexpected audience.
func (*AudienceNotExpectedError) Error ¶
func (e *AudienceNotExpectedError) Error() string
type CachingKeysProvider ¶
// CachingKeysProvider is an interface for providing keys for verifying JWT.
// Unlike KeysProvider, it supports caching of obtained keys.
type CachingKeysProvider interface {
	KeysProvider
	// InvalidateCacheIfNeeded drops the cached keys for issuer when the
	// implementation considers them stale. The exact condition is left to the
	// implementation and is not visible here (presumably triggered when a keyID
	// is not found in the cached set — confirm against Parser).
	InvalidateCacheIfNeeded(ctx context.Context, issuer string) error
}
CachingKeysProvider is an interface for providing keys for verifying JWT. Unlike KeysProvider, it supports caching of obtained keys.
type CachingParser ¶
// CachingParser uses the functionality of Parser to parse JWT, but stores the
// resulting Claims objects in ClaimsCache. Create it with NewCachingParser or
// NewCachingParserWithOpts; InvalidateClaimsCache empties the cache.
// NOTE(review): whether a cache hit re-checks time-based registered claims
// (expiration, not-before) before returning the cached Claims is not visible
// here — confirm, since a hit served without that check would extend a token's
// effective lifetime up to the cache's retention.
type CachingParser struct {
	// Parser performs the actual parsing and verification; its methods are promoted.
	*Parser
	// ClaimsCache holds previously parsed Claims; see ClaimsCache for the contract.
	ClaimsCache ClaimsCache
}
CachingParser uses the functionality of Parser to parse JWT, but stores the resulting Claims objects in the cache.
func NewCachingParser ¶
func NewCachingParser(keysProvider KeysProvider, logger log.FieldLogger) (*CachingParser, error)
func NewCachingParserWithOpts ¶
func NewCachingParserWithOpts( keysProvider KeysProvider, logger log.FieldLogger, opts CachingParserOpts, ) (*CachingParser, error)
func (*CachingParser) InvalidateClaimsCache ¶
func (cp *CachingParser) InvalidateClaimsCache()
InvalidateClaimsCache removes all stored parsed Claims objects from the cache.
type CachingParserOpts ¶
// CachingParserOpts extends ParserOpts with settings for the claims cache used by
// CachingParser (see NewCachingParserWithOpts).
type CachingParserOpts struct {
	ParserOpts
	// CacheMaxEntries bounds the number of Claims objects kept in the cache.
	// Presumably DefaultClaimsCacheMaxEntries applies when it is zero — confirm.
	CacheMaxEntries int
	// CachePrometheusInstanceLabel is, from its name, a label value used to
	// distinguish this cache's Prometheus metrics; the metrics themselves are
	// not shown here.
	CachePrometheusInstanceLabel string
}
type Claims ¶
// Claims represents an extended version of JWT claims: the standard registered
// claims embedded from jwtgo plus the application-specific fields below.
// All extension fields use omitempty, so zero values (including Version == 0)
// are absent from the serialized token.
type Claims struct {
	// RegisteredClaims carries the standard registered claims (issuer, subject,
	// audience, expiration, etc.) as defined by the embedded jwtgo type.
	jwtgo.RegisteredClaims
	// Scope lists the access policies carried by this token (JSON "scope");
	// see AccessPolicy for the meaning of each entry.
	Scope []AccessPolicy `json:"scope,omitempty"`
	// Version is the claims format version (JSON "ver"); its semantics are not
	// documented here.
	Version int `json:"ver,omitempty"`
	// UserID identifies the user, from its name (JSON "uid").
	UserID string `json:"uid,omitempty"`
	// OriginID (JSON "origin"); presumably identifies where the token originated — confirm.
	OriginID string `json:"origin,omitempty"`
	// ClientID (JSON "client_id"); presumably the OAuth/OIDC client identifier — confirm.
	ClientID string `json:"client_id,omitempty"`
	// TOTPTime (JSON "totp_time"); presumably a Unix timestamp related to a TOTP
	// check, given the int64 type and name — confirm.
	TOTPTime int64 `json:"totp_time,omitempty"`
	// SubType (JSON "sub_type"); presumably qualifies the kind of subject — confirm.
	SubType string `json:"sub_type,omitempty"`
	// OwnerTenantUUID (JSON "owner_tuid"); from its name, the UUID of the tenant
	// that owns the subject — confirm.
	OwnerTenantUUID string `json:"owner_tuid,omitempty"`
}
Claims represents an extended version of JWT claims.
type ClaimsCache ¶
// ClaimsCache is an interface that must be implemented by cache implementations
// used by CachingParser (see CachingParser.ClaimsCache).
// Entries are keyed by a [sha256.Size]byte value, i.e. a 32-byte SHA-256-sized
// digest (presumably a hash of the raw token rather than the token itself —
// confirm in CachingParser).
// NOTE(review): no locking is visible on CachingParser, so implementations
// should be safe for concurrent use unless the caller serializes access — confirm.
type ClaimsCache interface {
	// Get returns the cached Claims for key and reports whether an entry was found.
	Get(key [sha256.Size]byte) (*Claims, bool)
	// Add stores value under key.
	Add(key [sha256.Size]byte, value *Claims)
	// Purge removes all entries (presumably what CachingParser.InvalidateClaimsCache calls).
	Purge()
	// Len reports the number of entries currently stored.
	Len() int
}
ClaimsCache is an interface that must be implemented by the cache implementations used by CachingParser.
type IssuerMissingError ¶
// IssuerMissingError represents an error when the JWT issuer is missing.
// The pointer type implements the error interface via Error().
type IssuerMissingError struct {
	// Claims is the Claims value attached to the error (presumably the claims
	// parsed from the rejected token — confirm against Parser).
	Claims *Claims
}
IssuerMissingError represents an error when JWT issuer is missing.
func (*IssuerMissingError) Error ¶
func (e *IssuerMissingError) Error() string
type IssuerUntrustedError ¶
// IssuerUntrustedError represents an error when the JWT issuer is untrusted,
// i.e. not registered via AddTrustedIssuer/AddTrustedIssuerURL and not accepted
// by a TrustedIssNotFoundFallback. The pointer type implements the error
// interface via Error().
type IssuerUntrustedError struct {
	// Claims is the Claims value attached to the error (presumably the claims
	// parsed from the rejected token — confirm against Parser).
	Claims *Claims
}
IssuerUntrustedError represents an error when JWT issuer is untrusted.
func (*IssuerUntrustedError) Error ¶
func (e *IssuerUntrustedError) Error() string
type KeysProvider ¶
// KeysProvider is an interface for providing keys for verifying JWT.
type KeysProvider interface {
	// GetRSAPublicKey returns the public key identified by keyID for the given
	// issuer. The key is returned as interface{} (presumably an *rsa.PublicKey,
	// as the method name suggests — confirm).
	// NOTE(review): issuer and keyID are likely taken from the not-yet-verified
	// token (its issuer claim and key-id header), so implementations should treat
	// them as untrusted input — e.g. resolve keys only for issuers the Parser
	// trusts and bound any network lookups they trigger — confirm against Parser.
	GetRSAPublicKey(ctx context.Context, issuer, keyID string) (interface{}, error)
}
KeysProvider is an interface for providing keys for verifying JWT.
type Parser ¶
// Parser is an object for parsing, validating and verifying JWT. Construct it
// with NewParser or NewParserWithOpts; trusted issuers are registered with
// AddTrustedIssuer and AddTrustedIssuerURL and looked up with GetURLForIssuer.
// Keys for signature verification come from the KeysProvider given at construction.
type Parser struct {
	// contains filtered or unexported fields
}
Parser is an object for parsing, validating and verifying JWT.
func NewParser ¶
func NewParser(keysProvider KeysProvider, logger log.FieldLogger) *Parser
NewParser creates a new JWT parser with the specified keys provider.
func NewParserWithOpts ¶
func NewParserWithOpts(keysProvider KeysProvider, logger log.FieldLogger, opts ParserOpts) *Parser
NewParserWithOpts creates a new JWT parser with the specified keys provider and additional options.
func (*Parser) AddTrustedIssuer ¶
AddTrustedIssuer adds a trusted issuer with the specified name and URL.
func (*Parser) AddTrustedIssuerURL ¶
AddTrustedIssuerURL adds a trusted issuer URL.
func (*Parser) GetURLForIssuer ¶
GetURLForIssuer returns the URL for the issuer if it is trusted.
type ParserOpts ¶
// ParserOpts holds additional options for Parser (see NewParserWithOpts).
type ParserOpts struct {
	// SkipClaimsValidation disables validation of the parsed claims.
	// NOTE(review): which checks are skipped (e.g. expiration/not-before from the
	// embedded RegisteredClaims) is not visible here; treat enabling it as a
	// security-relevant decision and confirm against Parser.
	SkipClaimsValidation bool
	// RequireAudience, when set, presumably makes a missing audience an error
	// (see AudienceMissingError) — confirm.
	RequireAudience bool
	// ExpectedAudience lists accepted audience values; a token whose audience is
	// not among them is presumably rejected with AudienceNotExpectedError.
	// NOTE(review): whether an empty list disables the check is not shown — confirm.
	ExpectedAudience []string
	// TrustedIssuerNotFoundFallback is invoked when the token's issuer is not in
	// the Parser's list of trusted issuers (see TrustedIssNotFoundFallback).
	TrustedIssuerNotFoundFallback TrustedIssNotFoundFallback
}
ParserOpts holds additional options for Parser.
type SignAlgUnknownError ¶
// SignAlgUnknownError represents an error when the JWT signing algorithm is
// unknown. Rejecting unrecognized algorithms outright, rather than falling back
// to a default, is the behavior that keeps algorithm confusion out of the
// verification path; keep it that way. The pointer type implements the error
// interface via Error().
type SignAlgUnknownError struct {
	// Alg is the algorithm name that was not recognized (presumably the token's
	// "alg" header value — confirm).
	Alg string
}
SignAlgUnknownError represents an error when JWT signing algorithm is unknown.
func (*SignAlgUnknownError) Error ¶
func (e *SignAlgUnknownError) Error() string
type TrustedIssNotFoundFallback ¶
// TrustedIssNotFoundFallback is a function called when the given issuer is not
// found in the list of trusted ones. It receives the Parser so that, for example,
// the issuer can be analyzed and then added to the list by calling
// AddTrustedIssuerURL. It returns the issuer URL and whether the issuer was
// found (and so should be accepted).
// NOTE(review): iss is presumably the token's issuer claim and is not yet
// verified at this point, so the fallback must decide trust on its own evidence
// rather than on the claim value alone — confirm against Parser.
type TrustedIssNotFoundFallback func(ctx context.Context, p *Parser, iss string) (issURL string, issFound bool)
TrustedIssNotFoundFallback is a function called when the given issuer is not found in the list of trusted ones. For example, the issuer could be analyzed and then added to the list by calling the AddTrustedIssuerURL method.